Skip to main content

Suse CVE-2026-33689

| EUVDEUVD-2026-23516 HIGH
Out-of-bounds Read (CWE-125)
2026-04-17 GitHub_M
8.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch released
Apr 27, 2026 - 14:14 nvd
Patch available
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 23:48 vuln.today
Patch available
Apr 17, 2026 - 21:16 EUVD
EUVD ID Assigned
Apr 17, 2026 - 20:45 euvd
EUVD-2026-23516
Analysis Generated
Apr 17, 2026 - 20:45 vuln.today
CVE Published
Apr 17, 2026 - 20:16 nvd
HIGH 8.7

DescriptionGitHub Advisory

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6.

AnalysisAI

Out-of-bounds read in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to crash the RDP service or disclose memory contents during pre-authentication message parsing. The vulnerability (CWE-125) exploits insufficient buffer length validation in dynamic channel communication handling, affecting default installations exposed to network access. Fixed in version 0.10.6 per vendor advisory GHSA-92mr-6wpp-27jj. CVSS 8.7 reflects high availability impact; no active exploitation confirmed in CISA KEV at time of analysis, though public disclosure increases risk for internet-facing xrdp deployments.

Technical ContextAI

xrdp is an open-source Remote Desktop Protocol (RDP) server enabling remote graphical access to Linux systems, commonly deployed on cloud instances and internal infrastructure. This vulnerability is a classic buffer over-read (CWE-125) occurring in the RDP protocol state machine before authentication completes. The flaw exists in message parsing code that handles dynamic virtual channel communication-a feature allowing arbitrary data exchange between RDP client and server. When processing the initial connection handshake, xrdp fails to validate input buffer lengths against the size of data it attempts to read, allowing crafted packet sequences to trigger reads beyond allocated memory boundaries. This can expose heap or stack memory contents to remote attackers or cause segmentation faults that terminate the xrdp-sesman or xrdp process. Affected product identified via CPE cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:* covers all versions prior to 0.10.6.

RemediationAI

Upgrade to xrdp version 0.10.6 immediately, as confirmed by vendor release tag v0.10.6 at https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 and security advisory GHSA-92mr-6wpp-27jj. For Linux distributions, apply vendor-provided security updates when available through package managers (apt, yum, dnf). If immediate patching is not feasible, implement network-level compensating controls: restrict xrdp access (default TCP port 3389) to trusted IP ranges via firewall rules or place behind VPN gateway, eliminating exposure to untrusted networks. This mitigation reduces attack surface but does not eliminate risk from authenticated network users or lateral movement scenarios. For high-security environments unable to patch within 72 hours, consider temporarily disabling xrdp service and using alternative remote access methods (SSH with X11 forwarding, VNC over SSH tunnel). Note that network restrictions may impact legitimate remote users and require coordination with IT operations. Verify patch application by checking xrdp version with 'xrdp --version' command post-upgrade. Monitor xrdp process logs for abnormal connection attempts or crashes that may indicate exploitation attempts against unpatched systems.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-33689 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy