CVE-2026-23948— FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

EPSS 0.02% · P6 Updated Feb 11, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-23948

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

Source: NVD (National Vulnerability Database)

Vulnerability Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

空指针解引用

Source: NVD (National Vulnerability Database)

Vulnerability Title

FreeRDP 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP 3.22.0之前版本存在代码问题漏洞，该漏洞源于rdp_write_logon_info_v2函数存在空指针取消引用，可能导致恶意RDP服务器使FreeRDP代理崩溃。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
FreeRDP	FreeRDP	< 3.22.0	-

II. Public POCs for CVE-2026-23948

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-23948

Please Login to view more intelligence information

Same Patch Batch · FreeRDP · 2026-02-09 · 12 CVEs total

CVE-2026-24675		FreeRDP has a Heap-use-after-free in urb_select_interface
CVE-2026-24679		FreeRDP has a heap-buffer-overflow in urb_select_interface
CVE-2026-24677		FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264
CVE-2026-24491		FreeRDP has a heap-use-after-free in video_timer
CVE-2026-24684		FreeRDP has a Heap-use-after-free in play_thread
CVE-2026-24681		FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
CVE-2026-24678		FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread
CVE-2026-24682		FreeRDP has a Heap-buffer-overflow in audio_formats_free
CVE-2026-24676		FreeRDP has a heap-use-after-free in audio_format_compatible
CVE-2026-24683		FreeRDP has a heap-use-after-free in ainput_send_input_event
CVE-2026-24680		FreeRDP has a heap-use-after-free in update_pointer_new(SDL)

IV. Related Vulnerabilities

Same product: FreeRDP

Same vendor: FreeRDP

Same weakness: CWE-476

V. Comments for CVE-2026-23948

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-23948— FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

I. Basic Information for CVE-2026-23948

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-23948

III. Intelligence Information for CVE-2026-23948

Same Patch Batch · FreeRDP · 2026-02-09 · 12 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-23948

Leave a comment