Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the
pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by
sending a specially crafted sequence of packets during the initial connection phase. This vulnerability
results from insufficient validation of input buffer lengths before processing dynamic channel
communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash
or potential disclosure of sensitive information from the service's memory space. This issue has been
fixed in version 0.10.6. (CVE-2026-33689)
- xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for
the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP
Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary
implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An
unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to
modify encrypted traffic in transit without detection. It does not affect connections where the TLS
security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to
immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure
end-to-end integrity. (CVE-2026-32105)
- xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not
properly handle an error during the privilege drop process. This improper privilege management could allow
an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system.
An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
(CVE-2026-32107)
- xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow
vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the
module fails to properly validate the size of reassembled fragmented virtual channel data against its
allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-
the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of
Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This
vulnerability only affects environments where the module has been explicitly compiled and enabled. Users
can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v
command. This issue has been fixed in version 0.10.6. (CVE-2026-32623)
- xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow
vulnerability in its logon processing. In environments where domain_user_separator is configured in
xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name
to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial
of Service (DoS) or unexpected behavior. The domain_user_separator directive is commented out by default,
so systems are not affected by this vulnerability unless it is intentionally configured. This issue has
been fixed in version 0.10.6. (CVE-2026-32624)
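The checks the five advisories above ask for (installed version below 0.10.6, TLS not enforced for CVE-2026-32105, domain_user_separator active for CVE-2026-32624, NeutrinoRDP built in for CVE-2026-32623) can be scripted as a small offline audit. The script below is an added example, not code from Tenable or the xrdp project. It assumes that xrdp.ini carries the keys as plain "security_layer=..." and "domain_user_separator=..." lines and that "xrdp -v" prints its configure flags; the sample xrdp.ini and "xrdp -v" output it audits are constructed here, not captured from a host.

```shell
#!/bin/sh
# Added audit helper for the xrdp 0.10.6 advisories (not Tenable or xrdp code).
# Assumed input formats: xrdp.ini keys as "security_layer=..." and
# "domain_user_separator=..." lines; "xrdp -v" output saved to a file.

# Return 0 if version string $1 (e.g. "0.10.5-r0") is >= 0.10.6, the fixed release.
xrdp_version_fixed() {
    v=${1%%-*}                                 # drop a distro revision such as -r0
    printf '%s\n' "$v" | awk -F. '{ exit !($1*1000000 + $2*1000 + $3 >= 10006) }'
}

# Return 0 if xrdp.ini ($1) enforces TLS (security_layer=tls, uncommented).
# "negotiate" or "rdp" still permit the Classic RDP Security layer whose MAC
# check is missing (CVE-2026-32105), so only an explicit "tls" passes.
xrdp_ini_enforces_tls() {
    grep -Eq '^[[:space:]]*security_layer[[:space:]]*=[[:space:]]*tls[[:space:]]*$' "$1"
}

# Return 0 if domain_user_separator is active (not commented out), i.e. the
# logon overflow (CVE-2026-32624) is reachable.
xrdp_ini_domain_separator_set() {
    grep -Eq '^[[:space:]]*domain_user_separator[[:space:]]*=' "$1"
}

# Return 0 if saved "xrdp -v" output ($1) shows NeutrinoRDP compiled in
# (CVE-2026-32623 applies only then).
xrdp_neutrinordp_built() {
    grep -q -- '--enable-neutrinordp' "$1"
}

# Print one line per finding; the return value is the number of findings.
audit_xrdp() {
    ini=$1; verout=$2; version=$3; findings=0
    if ! xrdp_version_fixed "$version"; then
        echo "UPGRADE: xrdp $version is below 0.10.6 (all five CVEs)"
        findings=$((findings + 1))
    fi
    if ! xrdp_ini_enforces_tls "$ini"; then
        echo "MITIGATE: set security_layer=tls in $ini until upgraded (CVE-2026-32105)"
        findings=$((findings + 1))
    fi
    if xrdp_ini_domain_separator_set "$ini"; then
        echo "EXPOSED: domain_user_separator is configured (CVE-2026-32624)"
        findings=$((findings + 1))
    fi
    if xrdp_neutrinordp_built "$verout"; then
        echo "EXPOSED: NeutrinoRDP module is built in (CVE-2026-32623)"
        findings=$((findings + 1))
    fi
    return $findings
}

# Constructed sample inputs for a stand-alone run (not real host output).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/xrdp.ini" <<'EOF'
[Globals]
security_layer=negotiate
domain_user_separator=@
EOF
cat > "$SAMPLE_DIR/xrdp-v.txt" <<'EOF'
xrdp 0.10.5
  configure options: --enable-neutrinordp --enable-pam
EOF

if audit_xrdp "$SAMPLE_DIR/xrdp.ini" "$SAMPLE_DIR/xrdp-v.txt" "0.10.5-r0"; then
    echo "clean"
else
    echo "findings: $?"
fi
rm -rf "$SAMPLE_DIR"
```

On a real host, pass the live paths instead of the samples, for example `xrdp -v > /tmp/xrdp-v.txt; audit_xrdp /etc/xrdp/xrdp.ini /tmp/xrdp-v.txt "$(apk info -v xrdp 2>/dev/null | sed 's/^xrdp-//')"` on Alpine (the version-string extraction is distribution specific and an assumption here). The TLS check deliberately treats the default negotiate setting as a finding, because a client that does not offer TLS would still fall back to the unverified Classic RDP Security layer.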
Solution
Update the xrdp package and its related packages to version 0.10.6-r0 or later.
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 4/17/2026