Input validation error in FreeRDP - #VU137826
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to inject headers into HTTP proxy CONNECT requests.
The vulnerability exists due to improper input validation in http_proxy_connect() when processing a server-controlled redirected TargetNetAddress through an HTTP proxy connection. A remote attacker can send a crafted redirection PDU containing CRLF or other control characters to inject headers into HTTP proxy CONNECT requests.
Exploitation requires the client to use an HTTP proxy and to connect to a malicious or compromised RDP server that can send a redirection PDU.