{"id":"RHSA-2026:19033","summary":"Red Hat Security Advisory: freerdp security update","modified":"2026-05-20T10:32:57.833770057Z","published":"2026-05-20T10:09:41Z","upstream":["CVE-2026-22852","CVE-2026-22853","CVE-2026-22854","CVE-2026-22855","CVE-2026-22856","CVE-2026-22858","CVE-2026-22859","CVE-2026-23732","CVE-2026-23948","CVE-2026-24491","CVE-2026-24675","CVE-2026-24676","CVE-2026-24678","CVE-2026-24679","CVE-2026-24681","CVE-2026-24682","CVE-2026-24683","CVE-2026-24684","CVE-2026-26955","CVE-2026-26965","CVE-2026-31806","CVE-2026-33983","CVE-2026-33984"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:19033"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429647"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429652"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429653"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429654"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438197"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438201"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438202"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438210"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438212"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438216"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438221"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443132"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447376"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453219"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453220"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19033.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22852"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22852"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22852"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22853"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22853"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22853"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22854"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22854"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22854"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47vj-g3c3-3rmf"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22855"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22855"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22855"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22856"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22856"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22856"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22858"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22858"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22858"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22859"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22859"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22859"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-56f5-76qv-2r36"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-23732"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-23732"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23732"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/cache/glyph.c#L463-L480"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/codec/color.c#L261-L277"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/graphics.c#L138"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/orders.c#L2186C17-L2199"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-23948"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-23948"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23948"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24491"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24491"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24491"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24675"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24675"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24675"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24676"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24676"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24676"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24678"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24678"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24678"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24679"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24679"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24679"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24681"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24681"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24681"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24682"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24682"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24682"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24683"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24683"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24683"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24684"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24684"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24684"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-26955"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-26955"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26955"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-26965"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-26965"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26965"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-31806"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-31806"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31806"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33983"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33983"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33983"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33984"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33984"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33984"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-debuginfo","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-debugsource","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-devel","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-libs","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-libs-debuginfo","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-libs-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-server","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"freerdp-server-debuginfo","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/freerdp-server-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"libwinpr","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/libwinpr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"libwinpr-debuginfo","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/libwinpr-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}},{"package":{"name":"libwinpr-devel","ecosystem":"Red Hat:enterprise_linux:10.2","purl":"pkg:rpm/redhat/libwinpr-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.10.3-12.el10_2.2"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:19033.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}