Reachable assertion in FreeRDP - #VU137841
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reachable assertion in serial_process_irp_device_control() in FreeRDP serial redirection handling when processing a server-supplied IRP_MJ_DEVICE_CONTROL request. A remote attacker can send a specially crafted request to cause a denial of service.
Serial port redirection must be enabled, and user interaction is required to connect the client to a malicious or compromised RDP server.