Skip to main content

Suse CVE-2026-32623

| EUVDEUVD-2026-23504 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-17 GitHub_M
7.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

8
Patch released
Apr 27, 2026 - 14:18 nvd
Patch available
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Patch available
Apr 17, 2026 - 21:16 EUVD
Analysis Generated
Apr 17, 2026 - 20:38 vuln.today
CVSS changed
Apr 17, 2026 - 20:22 NVD
7.7 (HIGH)
EUVD ID Assigned
Apr 17, 2026 - 20:15 euvd
EUVD-2026-23504
Analysis Generated
Apr 17, 2026 - 20:15 vuln.today
CVE Published
Apr 17, 2026 - 19:43 nvd
HIGH 7.7

DescriptionGitHub Advisory

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.

AnalysisAI

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Technical ContextAI

xrdp is an open-source Remote Desktop Protocol (RDP) server enabling remote graphical access to Linux systems. The NeutrinoRDP module functions as an RDP proxy client, allowing xrdp to forward sessions to other RDP servers rather than terminating them locally. The vulnerability (CWE-122: Heap-based Buffer Overflow) occurs in the module's virtual channel reassembly logic. RDP virtual channels are used for features like clipboard redirection, file transfer, and audio. When fragmented virtual channel packets arrive from the downstream server, NeutrinoRDP reassembles them without validating that the total reassembled data size fits within the pre-allocated heap buffer. This classic memory safety issue allows controlled heap corruption through malformed RDP protocol messages. The affected product per CPE data is cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:* versions through 0.10.5.

RemediationAI

Upgrade to xrdp version 0.10.6 or later, available at https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6. Organizations using package managers should wait for distribution maintainers to backport the fix or compile from source. For systems that cannot immediately upgrade, disable the NeutrinoRDP module by recompiling xrdp without the --enable-neutrinordp flag, then restart the xrdp service. This workaround eliminates RDP proxy functionality but prevents exploitation with no other side effects if proxy mode is not required. If proxy functionality is business-critical and patching is delayed, implement network segmentation to ensure xrdp servers only proxy connections to trusted, internally-controlled RDP servers-never to external or user-specified destinations. This compensating control blocks the malicious-server attack vector but does not protect against MitM scenarios on untrusted networks. Deploy connection monitoring to alert on RDP sessions to unexpected destination IPs. Each mitigation trades functionality or administrative overhead against immediate risk reduction.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-32623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy