Vulnerability Key Information Package Package Name: FreeRDP Vulnerability Details Vulnerability Type: Heap-use-after-free in Affected Versions: <= 3.21.0 Patched Version: 3.22.0 Severity: Moderate CVE ID: CVE-2026-24683 CWE: CWE-416 Summary The caches in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Technical Details File: Issue: reads into a local variable and then uses it to call without locking. On Channel Close: frees the callback; a race between close and input events can invalidate the cached pointer. Impact A malicious server can trigger a client-side heap use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Fixed With Commit: d9ca272