{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33689", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T16:34:59.932Z", "datePublished": "2026-04-17T20:16:31.248Z", "dateUpdated": "2026-04-20T16:21:39.933Z"}, "containers": {"cna": {"title": "xrdp: Pre-authentication out-of-bounds reads in channel parsers", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj"}, {"name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"version": "< 0.10.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T20:16:31.248Z"}, "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6."}], "source": {"advisory": "GHSA-92mr-6wpp-27jj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:21:30.532923Z", "id": "CVE-2026-33689", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:21:39.933Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33689", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:21:30.532923Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:21:35.785Z"}}], "cna": {"title": "xrdp: Pre-authentication out-of-bounds reads in channel parsers", "source": {"advisory": "GHSA-92mr-6wpp-27jj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "< 0.10.6"}]}], "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T20:16:31.248Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33689", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:21:39.933Z", "dateReserved": "2026-03-23T16:34:59.932Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T20:16:31.248Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4D3050-83C5-4368-B1D3-534B28E0917A", "versionEndExcluding": "0.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6."}], "id": "CVE-2026-33689", "lastModified": "2026-04-27T14:14:26.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T21:16:32.963", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Release Notes"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.10.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "xrdp", "source": "cna", "vendor": "neutrinolabs"}, "product": "xrdp", "vendor": "neutrinolabs"}], "analysis": {"en": {"generated_at": "2026-04-18T09:01:52.366481+00:00", "value": {"mitigation_remediation": ["Upgrade xrdp to version 0.10.6 or newer.", "Restrict inbound RDP traffic to trusted networks or specific IPs using firewall rules.", "Monitor xrdp logs for abnormal crashes or memory access errors to detect any lingering exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service and Potential Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is the open\u2011source xrdp server from Neutrinolabs. Vulnerable versions are 0.10.5 and older. The issue was fixed with the release of version 0.10.6.", "description_and_impact": "xrdp includes an out-of-bounds read during the pre\u2011authentication RDP message parsing phase. An attacker can send a crafted sequence of packets before authentication is completed, causing the program to read beyond the bounds of the input buffer. The resulting memory corruption can trigger a process crash, producing a denial\u2011of\u2011service, or in some scenarios allow the attacker to read sensitive data from service memory. The flaw arises from insufficient validation of buffer lengths in the dynamic channel communication logic.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity vulnerability. EPSS data are not available, and the flaw is not listed in the CISA KEV catalog. An attacker need only be able to establish an initial RDP connection to the target system; the flaw is triggered during the pre\u2011authentication message exchange, allowing remote, unauthenticated exploitation. Given the high score and the nature of the attack vector, organizations should treat this as an urgent risk."}}}}, "created": "2026-04-17T22:00:10.828805+00:00", "updated": "2026-04-18T09:15:15.962178+00:00", "vendors": ["neutrinolabs", "neutrinolabs$PRODUCT$xrdp"]}