{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32624", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-12T15:29:36.558Z", "datePublished": "2026-04-17T19:58:08.687Z", "dateUpdated": "2026-04-20T16:22:13.525Z"}, "containers": {"cna": {"title": "xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp"}, {"name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"version": "< 0.10.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:58:08.687Z"}, "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6."}], "source": {"advisory": "GHSA-7q2g-6fjr-h6pp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:22:06.067038Z", "id": "CVE-2026-32624", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:22:13.525Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:22:06.067038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:22:09.341Z"}}], "cna": {"title": "xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation", "source": {"advisory": "GHSA-7q2g-6fjr-h6pp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "< 0.10.6"}]}], "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:58:08.687Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32624", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:22:13.525Z", "dateReserved": "2026-03-12T15:29:36.558Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T19:58:08.687Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4D3050-83C5-4368-B1D3-534B28E0917A", "versionEndExcluding": "0.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6."}], "id": "CVE-2026-32624", "lastModified": "2026-04-27T14:16:06.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T20:16:34.087", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Release Notes"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.10.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "xrdp", "source": "cna", "vendor": "neutrinolabs"}, "product": "xrdp", "vendor": "neutrinolabs"}], "analysis": {"en": {"generated_at": "2026-04-18T09:02:38.271110+00:00", "value": {"mitigation_remediation": ["Upgrade to xrdp version 0.10.6 or later", "Disable or remove the domain_user_separator setting in xrdp.ini", "Restart or reload the xrdp service to ensure the configuration change takes effect"], "summary": {"action": "Patch", "impact": "Denial of Service via heap buffer overflow"}, "threat_synthesis": {"affected_systems": "The affected product is xrdp from the Neutrinolabs project. Versions up through 0.10.5 are vulnerable; the issue was fixed in 0.10.6 and later releases. Only systems that have explicitly enabled the domain_user_separator configuration are at risk.", "description_and_impact": "xrdp is an open source Remote Desktop Protocol server that contains a heap-based buffer overflow in its logon processing. The vulnerability is triggered when the domain_user_separator setting is enabled in xrdp.ini and an unauthenticated remote attacker sends a username or domain name that is excessively long. The overflow corrupts adjacent memory regions, which can cause the application to crash or exhibit other unexpected behavior. The exploit does not provide code execution but can abruptly terminate the service, leading to a denial of service.", "risk_and_exploitability": "The CVSS score of 6.3 reflects a moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA's KEV catalog. The attack vector is remote and unauthenticated: an attacker simply needs the ability to connect to the xrdp service and send a crafted logon request when domain_user_separator is configured. Even though the exploit is limited to causing service disruption, it is potentially exploitable by attackers who target high-availability environments or services that rely on uninterrupted RDP access."}}}}, "created": "2026-04-17T21:30:28.229335+00:00", "updated": "2026-04-18T09:15:15.962844+00:00", "vendors": ["neutrinolabs", "neutrinolabs$PRODUCT$xrdp"]}