Is Use After Free affected by CVE-2026-24684?

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio playback functionality that could allow attackers to execute arbitrary code or crash systems during active Remote Desktop sessions.

CVE-2026-24684

HIGH

2026-02-09 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 10, 2026 - 15:02 nvd

Patch available

CVE Published

Feb 09, 2026 - 19:15 nvd

HIGH 7.5

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Analysis

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the audio playback subsystem where the RDPSND async thread processes queued audio packets after the channel has been closed and its internal state freed, causing a denial of service. The vulnerability affects systems running vulnerable FreeRDP versions and can be exploited remotely without authentication or user interaction. …

Remediation

Within 24 hours: Identify all systems running FreeRDP versions prior to 3.22.0 through inventory and vulnerability scanning tools. Within 7 days: Prioritize patching of internet-facing or customer-facing RDP services; evaluate if audio playback feature can be disabled on non-critical systems as interim mitigation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

Vendor Status

CVE-2026-24684 vulnerability details – vuln.today

Back

CVE-2026-24684

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-24684

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code