Skip to main content

Suse CVE-2026-35512

| EUVDEUVD-2026-23519 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-17 GitHub_M
8.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch released
Apr 27, 2026 - 14:14 nvd
Patch available
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 23:48 vuln.today
Patch available
Apr 17, 2026 - 21:16 EUVD
EUVD ID Assigned
Apr 17, 2026 - 20:45 euvd
EUVD-2026-23519
Analysis Generated
Apr 17, 2026 - 20:45 vuln.today
CVE Published
Apr 17, 2026 - 20:21 nvd
HIGH 8.7

DescriptionGitHub Advisory

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.

AnalysisAI

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows remote code execution after authentication via malicious EGFX graphics channel PDUs. Authenticated attackers can exploit insufficient validation of client-controlled size parameters to write beyond allocated heap buffers. Unauthenticated attackers can only trigger denial-of-service crashes. Vendor-released patch available in version 0.10.6. No active exploitation confirmed (not in CISA KEV), but heap overflows in remote services are high-value targets. Default non-privileged execution since 0.10.2 limits post-compromise impact.

Technical ContextAI

xrdp is an open-source implementation of Microsoft's Remote Desktop Protocol (RDP) server for Unix-like systems. The vulnerability resides in the EGFX (Enhanced Graphics Dynamic Virtual Channel) implementation, which handles graphics acceleration data. The CWE-122 (heap-based buffer overflow) occurs when xrdp fails to validate size parameters embedded in client-supplied EGFX Protocol Data Units (PDUs) before allocating or writing to heap memory. In RDP, dynamic virtual channels like EGFX allow client-server data exchange for specialized features; improper bounds checking in these parsers is a common vulnerability class. Affected product per CPE: neutrinolabs xrdp versions prior to 0.10.6.

RemediationAI

Upgrade to xrdp version 0.10.6 or later, released by neutrinolabs and available at https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6. This version contains fixes for the EGFX heap overflow vulnerability. If immediate upgrade is not possible, ensure xrdp runs as a non-privileged user (default configuration since version 0.10.2), which limits the impact of successful RCE to the privileges of that user account rather than root. Additional compensating controls: restrict network access to xrdp (default port 3389) to trusted networks only using firewall rules, implement strong authentication mechanisms to reduce credential compromise risk, monitor xrdp logs for unusual EGFX channel activity or crash patterns, and consider disabling EGFX graphics redirection if not required (this reduces functionality but eliminates the attack surface). These controls do not prevent exploitation but reduce likelihood and impact.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-35512 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy