
Suse CVE-2026-32105

EUVD: EUVD-2026-23472 | CRITICAL
Improper Validation of Integrity Check Value (CWE-354)
2026-04-17 GitHub_M
Critical
Disputed · 9.3 NVD

Severity by source

Sources disagree (Medium–Critical)

  • GitHub Advisory (primary): 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • SUSE: 7.7 HIGH, AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Red Hat: 5.9 MEDIUM (qualitative)

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS Vector (GitHub Advisory)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

7 events

  • Apr 27, 2026 - 14:20 (nvd): Patch released. Patch available
  • Apr 20, 2026 - 19:07 (vuln.today): Re-analysis Queued. cvss_changed
  • Apr 17, 2026 - 22:09 (vuln.today): Analysis Generated
  • Apr 17, 2026 - 20:16 (EUVD): Patch available
  • Apr 17, 2026 - 19:45 (euvd): EUVD ID Assigned. EUVD-2026-23472
  • Apr 17, 2026 - 19:45 (vuln.today): Analysis Generated
  • Apr 17, 2026 - 19:27 (nvd): CVE Published. CRITICAL 9.3

Description (GitHub Advisory)

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
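A check for the workaround described above, as an added example that is not code from the xrdp project or the advisory. It assumes `security_layer` sits in the `[Globals]` section of xrdp.ini and treats a missing key as something to review by hand; the sample configs are constructed.

```python
import configparser
import sys

# Constructed sample configs for illustration; not taken from any real host.
SAMPLE_NEGOTIATE = "[Globals]\nport=3389\nsecurity_layer=negotiate\ncrypt_level=high\n"
SAMPLE_TLS = "[Globals]\nport=3389\n; enforce TLS\nsecurity_layer=tls\n"
SAMPLE_MISSING = "[Globals]\nport=3389\n\n[Logging]\nLogLevel=INFO\n"


def audit_security_layer(ini_text):
    """Return (status, value) for the security_layer key of an xrdp.ini text.

    "ok"      -> security_layer=tls, the workaround the advisory names
    "exposed" -> any other explicit value (e.g. rdp, negotiate)
    "review"  -> key or section absent, or file unparsable (assumption: treat
                 an unset key as not enforcing TLS and check it by hand)
    """
    parser = configparser.ConfigParser(
        strict=False,            # tolerate repeated keys or sections
        interpolation=None,      # '%' in values is literal
        allow_no_value=True,     # tolerate bare keys without '='
        comment_prefixes=("#", ";"),
    )
    try:
        parser.read_string(ini_text)
    except configparser.Error:
        return ("review", None)
    # Assumption: the key lives in [Globals]; match the name case-insensitively.
    section = next((s for s in parser.sections() if s.lower() == "globals"), None)
    if section is None:
        return ("review", None)
    value = parser.get(section, "security_layer", fallback=None)
    if value is None:
        return ("review", None)
    value = value.strip().lower()
    return ("ok", value) if value == "tls" else ("exposed", value)


if __name__ == "__main__":
    # Usage: pass the path to xrdp.ini; without a path, run the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(audit_security_layer(fh.read()))
    else:
        for sample in (SAMPLE_NEGOTIATE, SAMPLE_TLS, SAMPLE_MISSING):
            print(audit_security_layer(sample))
```

An "exposed" or "review" result matters only on hosts still running xrdp 0.10.5 or earlier; on those, upgrade or set `security_layer=tls`.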

Analysis (AI)

Missing MAC signature verification in xrdp 0.10.5 and earlier allows man-in-the-middle attackers to modify encrypted RDP traffic without detection when the Classic RDP Security layer is used. Unauthenticated network attackers with a MITM position can alter packet contents in transit, achieving high integrity and confidentiality impact on both vulnerable and subsequent systems (CVSS 9.3, CVSS:4.0 with scope change). …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Achieve MITM position on network path
  • Delivery: Intercept RDP connection during Classic Security negotiation
  • Exploit: Capture encrypted RDP packets in transit
  • Install: Modify ciphertext bytes targeting specific protocol fields
  • C2: Recalculate MAC signature for altered packet
  • Execute: Forward manipulated packet to xrdp server
  • Impact: Server accepts without integrity verification
  • Step 8: Execute malicious actions via modified session data

Vulnerability Assessment (AI)

Exploitation: Three mandatory conditions converge for exploitation: (1) xrdp server configuration permits Classic RDP Security layer - specifically, the security_layer parameter in xrdp.ini must allow 'rdp' or 'negotiate' rather than enforcing 'tls' or 'tls1.2', (2) RDP client negotiates Classic RDP Security during connection establishment rather than selecting TLS-based security (depends on client capabilities and configuration), and (3) attacker achieves active man-in-the-middle network position between client and server, enabling real-time packet interception and modification. …

Risk Assessment: Real-world risk is HIGH but deployment-dependent. …

Exploit Scenario: An attacker positions themselves as man-in-the-middle on the network path between an RDP client and xrdp server (via ARP spoofing, rogue WiFi access point, or compromised network infrastructure). When a client initiates an RDP connection that negotiates Classic RDP Security rather than TLS, the attacker intercepts encrypted RDP packets in transit. …

Remediation: Primary fix: Upgrade to xrdp version 0.10.6 or later, which implements proper MAC signature verification for Classic RDP Security packets. …

Recommended Action (AI)

Within 24 hours: Identify all systems running xrdp versions 0.10.5 or earlier using network inventory and configuration management tools. …


Vendor Status

SUSE

Severity: High

Product status:

  • SUSE Linux Enterprise Desktop 15 SP7: Fixed
  • SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
  • SUSE Linux Enterprise Module for Basesystem 15 SP7: Fixed
  • SUSE Linux Enterprise Server 15 SP7: Fixed
  • SUSE Linux Enterprise Server for SAP Applications 15 SP7: Fixed


CVE-2026-32105 vulnerability details – vuln.today
