The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP     server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g.,     `xfreerdp`) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle.
    The `gdi_SurfaceCommand_ClearCodec()` handler does not call `is_within_surface()` to validate the command     rectangle against the destination surface dimensions, allowing attacker-controlled `cmd->left`/`cmd->top`     (and subcodec rectangle offsets) to reach image copy routines that write into `surface->data` without     bounds enforcement. The OOB write corrupts an adjacent `gdiGfxSurface` struct's `codecs*` pointer with     attacker-controlled pixel data, and corruption of `codecs*` is sufficient to reach an indirect function     pointer call (`NSC_CONTEXT.decode` at `nsc.c:500`) on a subsequent codec command  full instruction     pointer (RIP) control demonstrated in exploitability harness. Users should upgrade to version 3.23.0 to     receive a patch. (CVE-2026-26955)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-26955

high Nessus Plugin ID 299994

Version 1.3