{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32107", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:02:38.854Z", "datePublished": "2026-04-17T19:25:20.274Z", "dateUpdated": "2026-04-22T03:55:34.190Z"}, "containers": {"cna": {"title": "xrdp: Fail-open privilege drop in sesexec \u2014 child processes may execute as root if setuid fails", "problemTypes": [{"descriptions": [{"cweId": "CWE-273", "lang": "en", "description": "CWE-273: Improper Check for Dropped Privileges", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9"}, {"name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"version": "< 0.10.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:25:20.274Z"}, "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6."}], "source": {"advisory": "GHSA-p5m6-7m43-pjv9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32107"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T03:55:34.190Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T15:41:27.516762Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T15:41:33.638Z"}}], "cna": {"title": "xrdp: Fail-open privilege drop in sesexec \u2014 child processes may execute as root if setuid fails", "source": {"advisory": "GHSA-p5m6-7m43-pjv9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "< 0.10.6"}]}], "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-273", "description": "CWE-273: Improper Check for Dropped Privileges"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:25:20.274Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32107", "state": "PUBLISHED", "dateUpdated": "2026-04-22T03:55:34.190Z", "dateReserved": "2026-03-10T22:02:38.854Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T19:25:20.274Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4D3050-83C5-4368-B1D3-534B28E0917A", "versionEndExcluding": "0.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6."}], "id": "CVE-2026-32107", "lastModified": "2026-04-27T14:19:37.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T20:16:33.677", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Release Notes"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-273"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "xrdp: xrdp: Privilege Escalation via improper privilege management", "id": "2459273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459273"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-273", "details": ["A flaw was found in xrdp, an open source Remote Desktop Protocol (RDP) server. The session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system."], "name": "CVE-2026-32107", "public_date": "2026-04-17T19:25:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32107\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32107\nhttps://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6\nhttps://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9"], "statement": "This vulnerability doesn't affect any supported Red Hat products.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.10.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "xrdp", "source": "cna", "vendor": "neutrinolabs"}, "product": "xrdp", "vendor": "neutrinolabs"}], "analysis": {"en": {"generated_at": "2026-04-18T20:35:26.262990+00:00", "value": {"mitigation_remediation": ["Upgrade xrdp to version 0.10.6 or later, where the privilege drop bug is corrected.", "Remove the setuid bit from the sesexec binary (chmod u\u2011s /usr/sbin/xrdp\u2011sesexec) and configure the service to run as a non\u2011privileged user; this prevents escalation if privilege drop fails.", "Apply or enable a mandatory access control policy such as SELinux or AppArmor to restrict sesexec from accessing privileged resources, providing an additional barrier against privilege escalation."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "neutrinolabs xrdp below version 0.10.6 is affected. All releases up to 0.10.5 contain the flaw; the vulnerability is mitigated in version 0.10.6 and later.", "description_and_impact": "The vulnerability stems from an improper error handling in the privilege drop logic of xrdp\u2019s session execution component. When an authentication error occurs, the component fails to execute the required setuid operation, leaving child processes running with elevated root privileges. An attacker who has local authenticated access can exploit this fail\u2011open behavior to gain root and run arbitrary commands, potentially compromising the entire system. The weakness is categorized as CWE\u2011273 \u2013 Failure to Drop Privileges.", "risk_and_exploitability": "The vulnerability has a high CVSS score of 8.8, reflecting its severe impact and difficulty to exploit. The EPSS score of < 1% indicates a very low but non\u2011zero probability of exploitation, and the flaw is not listed in the CISA KEV catalog. It is intrinsically a local, authenticated vulnerability, implying that an attacker must be able to log into the target system. As the CVE description notes, an additional exploit is required to achieve privilege escalation; the privilege drop failure alone does not automatically grant root, so the flaw can be leveraged only in combination with another exploitation technique, which still underscores the need for prompt remediation."}}}}, "created": "2026-04-17T20:30:15.692590+00:00", "updated": "2026-04-18T20:45:05.716838+00:00", "vendors": ["neutrinolabs", "neutrinolabs$PRODUCT$xrdp"]}