RDP vulnerabilities

Showing 1 - 50 of 114 CVEs

  1. CVE-2026-40398 Published May 12, 2026

    Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  2. CVE-2026-32157 Published Apr 14, 2026

    Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  3. CVE-2026-26151 Published Apr 14, 2026

    Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

  4. CVE-2026-31883 Published Mar 13, 2026

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.

  5. CVE-2026-25941 Published Feb 25, 2026

    FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRE_TO_SURFACE_2 PDU with a `bitmapDataLength` value larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue.

  6. CVE-2026-21533 Published Feb 10, 2026

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  7. CVE-2026-21525 Published Feb 10, 2026

    Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

  8. CVE-2026-21519 Published Feb 10, 2026

    Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  9. CVE-2026-21514 Published Feb 10, 2026

    Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

  10. CVE-2026-21513 Published Feb 10, 2026

    Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

  11. CVE-2026-21510 Published Feb 10, 2026

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

  12. CVE-2026-23883 Published Jan 19, 2026

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

  13. CVE-2025-26399 Published Sep 23, 2025

    SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

  14. CVE-2025-47813 Published Jul 10, 2025

    loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

  15. CVE-2025-48817 Published Jul 8, 2025

    Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  16. CVE-2025-47987 Published Jul 8, 2025

    Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

  17. CVE-2025-49113 Published Jun 2, 2025

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

  18. CVE-2025-29967 Published May 13, 2025

    Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

  19. CVE-2025-29966 Published May 13, 2025

    Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

  20. CVE-2025-26645 Published Mar 11, 2025

    Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  21. CVE-2025-24045 Published Mar 11, 2025

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

  22. CVE-2025-24035 Published Mar 11, 2025

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

  23. CVE-2025-21297 Published Jan 14, 2025

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  24. CVE-2024-49120 Published Dec 12, 2024

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  25. CVE-2024-49119 Published Dec 12, 2024

    Windows Remote Desktop Services Remote Code Execution Vulnerability

  26. CVE-2024-49075 Published Dec 12, 2024

    Windows Remote Desktop Services Denial of Service Vulnerability

  27. CVE-2024-43599 Published Oct 8, 2024

    Remote Desktop Client Remote Code Execution Vulnerability

  28. CVE-2024-43582 Published Oct 8, 2024

    Remote Desktop Protocol Server Remote Code Execution Vulnerability

  29. CVE-2024-38077 Published Jul 9, 2024

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

  30. CVE-2024-38076 Published Jul 9, 2024

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

  31. CVE-2023-29352 Published Jun 14, 2023

    Windows Remote Desktop Security Feature Bypass Vulnerability

  32. CVE-2022-22015 Published May 10, 2022

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  33. CVE-2022-23285 Published Mar 9, 2022

    Remote Desktop Client Remote Code Execution Vulnerability

  34. CVE-2022-21893 Published Jan 11, 2022

    Remote Desktop Protocol Remote Code Execution Vulnerability

  35. CVE-2021-41371 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  36. CVE-2021-38631 Published Nov 10, 2021

    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

  37. CVE-2021-36958 Published Aug 12, 2021

    <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>

  38. CVE-2021-34535 Published Aug 12, 2021

    Remote Desktop Client Remote Code Execution Vulnerability

  39. CVE-2020-16997 Published Nov 11, 2020

    Remote Desktop Protocol Server Information Disclosure Vulnerability

  40. CVE-2020-16927 Published Oct 16, 2020

    <p>A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.</p> <p>The update addresses the vulnerability by correcting how RDP handles connection requests.</p>

  41. CVE-2020-16896 Published Oct 16, 2020

    <p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.</p> <p>The update addresses the vulnerability by correcting how RDP handles connection requests.</p>

  42. CVE-2020-16863 Published Oct 16, 2020

    <p>A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Service.</p> <p>The update addresses the vulnerability by correcting how Remote Desktop Service handles connection requests.</p>

  43. CVE-2020-1466 Published Aug 17, 2020

    A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

  44. CVE-2020-11039 Published May 29, 2020

    In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.

  45. CVE-2020-0734 Published Feb 11, 2020

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.

  46. CVE-2020-0681 Published Feb 11, 2020

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.

  47. CVE-2020-0660 Published Feb 11, 2020

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

  48. CVE-2020-0612 Published Jan 14, 2020

    A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

  49. CVE-2020-0611 Published Jan 14, 2020

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

  50. CVE-2020-0610 Published Jan 14, 2020

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.