xrdp Heap-Based Buffer Overflow Vulnerability in EGFX Implementation Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in xrdp versions prior to 0.10.6. The flaw resides in the EGFX (graphics dynamic virtual channel) implementation, where client-controlled size parameters in incoming PDUs are not sufficiently validated, so a crafted PDU can trigger an out-of-bounds heap write. Exploitation can crash the xrdp process or, in post-authentication scenarios, be manipulated to achieve remote code execution.

Impact

Successful exploitation of this vulnerability can cause process crashes or allow for remote code execution, depending on the authentication state.

Remediation

Users should update to xrdp version 0.10.6. If an immediate update is not possible, running xrdp as a non-privileged user limits the impact of successful exploitation.

Added: Apr 17, 2026, 9:43 PM
Updated: Apr 17, 2026, 9:43 PM

Vulnerability Rating

Custom Algorithm

spread:          4.5
impact:          7.5
exploitability:  5.7
remediation:     8.3
relevance:       6.1
threat:          0.0
urgency:         2.9
incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.