Use-after-free in FreeRDP - #VU137836
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service or disclose sensitive information.
The vulnerability exists due to use-after-free in the async update message proxy for RAIL WINDOW_STATE_ORDER handling when processing crafted update orders from an RDP server with AsyncUpdate enabled. A remote attacker can send crafted update orders to cause a denial of service or disclose sensitive information.
Only clients with AsyncUpdate enabled are vulnerable.