Use-after-free in FreeRDP - #VU137835
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in the async update message proxy for WINDOW_ICON_ORDER when processing crafted RAIL Window Alternate Secondary Orders with WINDOW_ORDER_ICON. A remote attacker can send a specially crafted RDP update order to cause a denial of service.
Exploitation requires AsyncUpdate to be enabled on the client.