How severe is CVE-2026-22857?

The severity of CVE-2026-22857 has not been assessed with CVSS v3.

CVE-2026-22857

NONE

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on

Publicado: 1/14/2026Atualizado: 1/14/2026

Descrição

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

Análise IADesenvolvido por IA

Referências

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8