What is the CVSS score of CVE-2026-31806?

CVE-2026-31806 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Freerdp are affected by CVE-2026-31806?

FreeRDP versions prior to 3.24.0 contain a critical heap overflow vulnerability in graphics processing that could allow unauthenticated attackers to execute arbitrary code on systems using the remote…. A patch is available.

Freerdp CVE-2026-31806

EUVD-2026-12060 CRITICAL

Heap-based Buffer Overflow (CWE-122)

2026-03-13 GitHub_M

Buffer Overflow Heap Overflow Red Hat Freerdp Suse

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:50 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

3.24.0

EUVD ID Assigned

Mar 13, 2026 - 18:00 euvd

EUVD-2026-12060

Analysis Generated

Mar 13, 2026 - 18:00 vuln.today

CVE Published

Mar 13, 2026 - 17:40 nvd

CRITICAL 9.8

DescriptionNVD

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0.

AnalysisAI

Heap overflow in FreeRDP gdi_surface_bits() before 3.24.0.

RemediationAI

Within 24 hours: Inventory all systems running FreeRDP and identify those with versions prior to 3.24.0. Within 7 days: Deploy FreeRDP 3.24.0 or later across all affected systems; prioritize systems handling sensitive data or acting as network access points. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory