{"id":"RHSA-2026:6340","summary":"Red Hat Security Advisory: freerdp security update","modified":"2026-04-02T10:38:54.362974Z","published":"2026-04-02T10:18:58Z","upstream":["CVE-2026-22852","CVE-2026-22854","CVE-2026-22856","CVE-2026-23732","CVE-2026-23948","CVE-2026-24491","CVE-2026-24675","CVE-2026-24676","CVE-2026-24679","CVE-2026-24681","CVE-2026-24683","CVE-2026-24684","CVE-2026-31806"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6340"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429652"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429654"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438201"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438202"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438210"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438216"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438221"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447376"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6340.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22852"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22852"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22852"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22854"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22854"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22854"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47vj-g3c3-3rmf"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22856"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22856"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22856"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-23732"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-23732"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23732"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/cache/glyph.c#L463-L480"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/codec/color.c#L261-L277"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/graphics.c#L138"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/orders.c#L2186C17-L2199"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-23948"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-23948"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23948"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24491"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24491"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24491"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24675"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24675"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24675"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24676"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24676"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24676"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24679"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24679"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24679"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24681"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24681"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24681"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24683"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24683"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24683"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24684"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24684"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24684"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-31806"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-31806"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31806"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b"},{"type":"ARTICLE","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-debugsource","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-devel","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-libs","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-libs-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/freerdp-libs-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libwinpr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libwinpr-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr-devel","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libwinpr-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-debugsource","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-devel","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-libs","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"freerdp-libs-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/freerdp-libs-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/libwinpr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/libwinpr-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}},{"package":{"name":"libwinpr-devel","ecosystem":"Red Hat:enterprise_linux:9::crb","purl":"pkg:rpm/redhat/libwinpr-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-1.el9_7.5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:6340.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}