Alpine: multiple xrdp packages: security update to 0.10.6-r0

critical Tenable Self-Hosted Container Security Plugin ID 440774

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the
pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by
sending a specially crafted sequence of packets during the initial connection phase. This vulnerability
results from insufficient validation of input buffer lengths before processing dynamic channel
communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash
or potential disclosure of sensitive information from the service's memory space. This issue has been
fixed in version 0.10.6. (CVE-2026-33689)

- xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for
the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP
Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary
implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An
unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to
modify encrypted traffic in transit without detection. It does not affect connections where the TLS
security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to
immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure
end-to-end integrity. (CVE-2026-32105)

- xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not
properly handle an error during the privilege drop process. This improper privilege management could allow
an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system.
An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
(CVE-2026-32107)

- xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow
vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the
module fails to properly validate the size of reassembled fragmented virtual channel data against its
allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a
Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of
Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This
vulnerability only affects environments where the module has been explicitly compiled and enabled. Users
can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v
command. This issue has been fixed in version 0.10.6. (CVE-2026-32623)

- xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow
vulnerability in its logon processing. In environments where domain_user_separator is configured in
xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name
to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial
of Service (DoS) or unexpected behavior. The domain_user_separator directive is commented out by default, so
systems are not affected by this vulnerability unless it is intentionally configured. This issue has been
fixed in version 0.10.6. (CVE-2026-32624)
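
The exposure conditions described above can be checked per host. The following is an added example, not part of the plugin or of xrdp: the function names are hypothetical, and the caller supplies the installed version, the path to xrdp.ini and the text printed by xrdp -v. CVE-2026-33689 and CVE-2026-32107 have no configuration condition in the descriptions above, so only the version check covers them.

```shell
#!/bin/sh
# Added example: exposure triage for this advisory; function names are hypothetical.

# version_lt A B: succeeds when dotted version A is older than B ("-rN" ignored).
version_lt() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# ini_get FILE KEY: prints the last active (uncommented) value of KEY, if any.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_xrdp VERSION INI_FILE BUILD_INFO: prints one finding per line.
# BUILD_INFO is the text printed by `xrdp -v`.
audit_xrdp() {
    ver=$1; ini=$2; build=$3
    if ! version_lt "$ver" "0.10.6"; then
        echo "OK: xrdp $ver is at or above 0.10.6"; return 0
    fi
    echo "AFFECTED: xrdp $ver is older than 0.10.6"
    layer=$(ini_get "$ini" security_layer)
    [ "$layer" = "tls" ] || echo "CVE-2026-32105: security_layer=${layer:-unset}, TLS not enforced"
    sep=$(ini_get "$ini" domain_user_separator)
    [ -z "$sep" ] || echo "CVE-2026-32624: domain_user_separator is configured"
    case "$build" in *--enable-neutrinordp*) echo "CVE-2026-32623: NeutrinoRDP module is built" ;; esac
}

# Constructed sample input (not from a real host).
sample=$(mktemp)
printf '%s\n' '[Globals]' 'security_layer=negotiate' '#domain_user_separator=@' > "$sample"
audit_xrdp "0.10.5-r0" "$sample" "--enable-fuse"
rm -f "$sample"
```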

Solution

Update the xrdp library and its related packages to version 0.10.6-r0 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-32105

https://security.alpinelinux.org/vuln/CVE-2026-32107

https://security.alpinelinux.org/vuln/CVE-2026-32623

https://security.alpinelinux.org/vuln/CVE-2026-32624

https://security.alpinelinux.org/vuln/CVE-2026-33145

https://security.alpinelinux.org/vuln/CVE-2026-33516

https://security.alpinelinux.org/vuln/CVE-2026-33689

https://security.alpinelinux.org/vuln/CVE-2026-35512

Plugin Details

Severity: Critical

ID: 440774

Version: Revision 1.7

Type: Local

Published: 4/23/2026

Updated: 6/15/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2026-33689

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 7.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L

CVSS Score Source: CVE-2026-32105

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/17/2026

Reference Information

CVE: CVE-2026-32105, CVE-2026-32107, CVE-2026-32623, CVE-2026-32624, CVE-2026-33145, CVE-2026-33516, CVE-2026-33689, CVE-2026-35512