What is the CVSS score of CVE-2026-33987?

CVE-2026-33987 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-33987?

CVE-2026-33987 is a heap buffer overflow in FreeRDP versions prior to 3.24.2 that allows local attackers to crash the RDP client and potentially corrupt memory integrity through malformed bitmap…. A patch is available.

Red Hat CVE-2026-33987

EUVD-2026-17235 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-03-30 GitHub_M

Buffer Overflow Heap Overflow Red Hat Suse

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 30, 2026 - 22:15 euvd

EUVD-2026-17235

Analysis Generated

Mar 30, 2026 - 22:15 vuln.today

CVE Published

Mar 30, 2026 - 21:43 nvd

HIGH 7.1

DescriptionNVD

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

AnalysisAI

Heap buffer overflow in FreeRDP's persistent bitmap cache handling allows local attackers to corrupt memory integrity and crash the RDP client. Affecting all versions prior to 3.24.2, the vulnerability (CWE-122) occurs when memory reallocation fails but the buffer size variable is prematurely updated, creating a size/pointer mismatch. …

RemediationAI

Within 24 hours: Identify and document all systems running FreeRDP versions prior to 3.24.2 using asset inventory tools; restrict local user access to affected RDP clients where feasible. Within 7 days: Monitor FreeRDP release channels (GitHub releases, security advisories) for version 3.24.2 or later patch availability; test patched versions in non-production environment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Ubuntu

Priority: Medium

freerdp

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
jammy	DNE	-
noble	DNE	-
questing	DNE	-
upstream	needs-triage	-

freerdp2

Release	Status	Version
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	DNE	-
upstream	needs-triage	-

freerdp3

Release	Status	Version
jammy	DNE	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-

Debian