Out-of-bounds read in URBDRC libusb_udev_select_interface (FreeRDP < 3.22.0)
CVE-2026-24679 Published on February 9, 2026
FreeRDP has a heap-buffer-overflow in urb_select_interface
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2026-24679
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-24679 are published in these products:
Affected Versions
FreeRDP Version < 3.22.0 is affected by CVE-2026-24679Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.