Skip to main content

Red Hat CVE-2026-40254

| EUVDEUVD-2026-25381 MEDIUM
Off-by-one Error (CWE-193)
2026-04-24 GitHub_M
4.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.2 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
SUSE
MEDIUM
qualitative
Red Hat
6.1 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

6
Patch released
Apr 27, 2026 - 17:44 nvd
Patch available
Patch available
Apr 24, 2026 - 05:01 EUVD
Analysis Generated
Apr 24, 2026 - 03:31 vuln.today
EUVD ID Assigned
Apr 24, 2026 - 03:00 euvd
EUVD-2026-25381
Analysis Generated
Apr 24, 2026 - 03:00 vuln.today
CVE Published
Apr 24, 2026 - 02:24 nvd
MEDIUM 4.2

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drive_file.c. The contains_dotdot() function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing separator. A rogue RDP server can read, list, or write files one directory above the client's shared folder through RDPDR requests. This requires the victim to connect with drive redirection enabled. Version 3.25.0 patches the issue.

AnalysisAI

FreeRDP versions prior to 3.25.0 allow path traversal attacks through an off-by-one error in the drive redirection filter, enabling rogue RDP servers to read, list, or write files one directory above the client's shared folder via RDPDR requests. Exploitation requires the victim to connect with drive redirection enabled and interact with a malicious RDP server, making this a user-interaction-dependent remote attack with moderate CVSS score (4.2) but real-world impact limited by connection and configuration requirements.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-40254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy