CVE-2026-27950
Publication date 26 February 2026
Last updated 27 February 2026
Ubuntu priority
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| freerdp2 | 25.10 questing | Not in release |
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| freerdp3 | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy | Not in release |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-27950
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p
- https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64
- https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80
- https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758