CVE-2026-22859— FreeRDP has a heap-buffer-overflow in urb_select_configuration

EPSS 0.09% · P25 Updated Jan 15, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-22859

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

FreeRDP has a heap-buffer-overflow in urb_select_configuration

Source: NVD (National Vulnerability Database)

Vulnerability Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存读

Source: NVD (National Vulnerability Database)

Vulnerability Title

FreeRDP 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP 3.20.1之前版本存在输入验证错误漏洞，该漏洞源于URBDRC客户端未对服务器提供的MSUSB_INTERFACE_DESCRIPTOR值执行边界检查，可能导致越界读取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
FreeRDP	FreeRDP	< 3.20.1	-

II. Public POCs for CVE-2026-22859

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-22859

请登录查看更多情报信息。

Same Patch Batch · FreeRDP · 2026-01-14 · 9 CVEs total

CVE-2026-22852		FreeRDP has a heap-buffer-overflow in audin_process_formats
CVE-2026-22853		FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array
CVE-2026-22851		FreeRDP RDPGFX ResetGraphics race leads to use-after-free in SDL client (sdl->primary)
CVE-2026-22854		FreeRDP has a heap-buffer-overflow in drive_process_irp_read
CVE-2026-22857		FreeRDP has a heap-use-after-free in irp_thread_func
CVE-2026-22855		FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call
CVE-2026-22858		FreeRDP has a global-buffer-overflow in crypto_base64_decode
CVE-2026-22856		FreeRDP has a heap-use-after-free in create_irp_thread

IV. Related Vulnerabilities

Same product: FreeRDP

Same vendor: FreeRDP

Same weakness: CWE-125

V. Comments for CVE-2026-22859

Anonymous User

2026-01-15 06:08:15

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-22859— FreeRDP has a heap-buffer-overflow in urb_select_configuration

I. Basic Information for CVE-2026-22859

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-22859

III. Intelligence Information for CVE-2026-22859

Same Patch Batch · FreeRDP · 2026-01-14 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-22859

Anonymous User

Leave a comment