CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0.

Database specific

{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24681.json"
}

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type: GIT
Repo: https://github.com/freerdp/freerdp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e3ef4c71138f76516299cb3637d2d0c59b2a3737

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta3

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

3.*

3.0.0

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-beta4

3.0.0-rc0

3.1.0

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0

3.11.1

3.12.0

3.13.0

3.14.0

3.14.1

3.15.0

3.16.0

3.17.0

3.17.1

3.17.2

3.18.0

3.19.0

3.19.1

3.2.0

3.20.0

3.20.1

3.20.2

3.21.0

3.3.0

3.4.0

3.5.0

3.5.1

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24681.json"