Home / Vulnerability Intelligence / CVE-2026-31885

CVE-2026-31885 - Vulnerability Analysis

MediumCVSS: 6.5

Last Updated: March 17, 2026

FreeRDP - Denial of Service

Published: March 13, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

FreeRDP < 3.24.0 contains an out-of-bounds read caused by unchecked predictor and step_index values in MS-ADPCM and IMA-ADPCM decoders, letting attackers cause denial of service, exploit requires crafted input data.

Severity & Score

Severity: Medium

CVSS Score: 6.5

Impact

Attackers can cause denial of service by triggering out-of-bounds read, potentially crashing the application.

Mitigation

Update to version 3.24.0 or later.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3
https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31885
Severity: Medium
CVSS Score: 6.5
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N