NULL pointer dereference in FreeRDP - #VU137823
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in smartcard emulation cache handling when processing peer-controlled SCARD_IOCTL_READCACHEA or SCARD_IOCTL_WRITECACHEA requests with a null lookup-name pointer. A remote attacker can send a specially crafted smartcard cache request to cause a denial of service.
Smartcard redirection or smartcard emulation must be enabled, and the request must include a valid CardIdentifier.