Skip to main content

Microsoft EUVDEUVD-2026-23515

| CVE-2026-33516 HIGH
Out-of-bounds Read (CWE-125)
2026-04-17 GitHub_M
7.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

8
Patch released
Apr 27, 2026 - 14:15 nvd
Patch available
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Patch available
Apr 17, 2026 - 21:16 EUVD
Analysis Generated
Apr 17, 2026 - 20:37 vuln.today
CVSS changed
Apr 17, 2026 - 20:22 NVD
7.7 (HIGH)
EUVD ID Assigned
Apr 17, 2026 - 20:15 euvd
EUVD-2026-23515
Analysis Generated
Apr 17, 2026 - 20:15 vuln.today
CVE Published
Apr 17, 2026 - 19:56 nvd
HIGH 7.7

DescriptionGitHub Advisory

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from the process memory. This issue has been fixed in version 0.10.6.

AnalysisAI

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Technical ContextAI

xrdp is an open-source implementation of Microsoft's Remote Desktop Protocol (RDP) server for Linux/Unix systems, allowing remote GUI access. This vulnerability (CWE-125: Out-of-bounds Read) occurs during the RDP capability exchange phase, specifically when processing the Confirm Active PDU - a protocol message sent by the client to confirm selected capabilities after receiving the Server Demand Active PDU. The flaw involves accessing memory before validating remaining buffer length, a classic bounds-checking failure in protocol parsing code. Affected product: cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:* (all versions through 0.10.5). The CVSS 4.0 vector indicates network-accessible (AV:N), low complexity (AC:L), but attack timing is opportunistic (AT:P) and requires user presence (UI:P), suggesting the victim must be in an active RDP session or attempting to connect when the attack occurs.

RemediationAI

Upgrade to xrdp version 0.10.6 or later, released by neutrinoLabs to address this vulnerability (https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6). For systems unable to immediately upgrade, implement network-layer compensating controls: restrict xrdp access (typically TCP port 3389) to trusted IP ranges via firewall rules, deploy behind a VPN or bastion host to eliminate direct internet exposure, or temporarily disable the xrdp service if remote desktop access is not immediately required. Note that restricting network access reduces attack surface but does not eliminate risk from authenticated internal users or compromised trusted networks. Session monitoring and anomaly detection can provide partial mitigation by detecting repeated connection attempts or crashes, but cannot prevent initial exploitation. Upgrade remains the only complete remediation.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2026-23515 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy