CVE-2026-35512

moderate-risk

Published 2026-04-17

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.

Do I need to act?

0.49% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Xrdp

Affected Vendors

Neutrinolabs

References (2)

Patch https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6

Vendor Advisory https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal