
Fedora 43 xrdp Important Remote Code Exec DoS Vulnern 2026-9417ff0bc5

April 28, 2026
Critical security updates for Fedora 43 xrdp address multiple threats including remote code execution and denial of service.

Summary

xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Security fixes
- CVE-2026-32105
- CVE-2026-32107
- CVE-2026-32623
- CVE-2026-32624
- CVE-2026-33145
- CVE-2026-33516
- CVE-2026-33689
- CVE-2026-35512

New features
- Support for xorgxrdp bug fixes #249 and #342 (#3721)

Bug fixes
- Honour pass_shell_as_env setting only if user sets a shell (#3725)
- We no longer try to create a NULL authentication file when using VNC over UDS (#3727)
- Problems with the Brazilian ABNT2 keyboard mapping have been corrected (#3728 3736)
- A 'file exists' error when installing xrdp over an existing installation has been addressed (#3780)

Change Log

* Sat Apr 18 2026 Bojan Smojver - 1:0.10.6-1
- Update to 0.10.6
- CVE-2026-32105, CVE-2026-32107, CVE-2026-32623, CVE-2026-32624
- CVE-2026-33145, CVE-2026-33516, CVE-2026-33689, CVE-2026-35512

References


[ 1 ] Bug #2459298 - CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459298
[ 2 ] Bug #2459302 - CVE-2026-32107 xrdp: xrdp: Privilege Escalation via improper privilege management [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459302
[ 3 ] Bug #2459616 - CVE-2026-33145 xrdp: xrdp: Arbitrary Command Execution via unsafe handling of AlternateShell parameter [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459616
[ 4 ] Bug #2459618 - CVE-2026-32623 xrdp: xrdp NeutrinoRDP: Remote Code Execution or Denial of Service via heap-based buffer overflow in fragmented RDP data handling [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459618
[ 5 ] Bug #2459620 - CVE-2026-35512 xrdp: xrdp: Remote Code Execution via heap-based buffer overflow [fedora-all]
      https://bugzilla.redhat.com/sh...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9417ff0bc5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
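A post-update check, added here as an example (it is not part of the advisory or of Fedora's tooling): it compares the installed xrdp epoch:version-release against the fixed build named on this page, 1:0.10.6-1.fc43. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's version ordering, which holds for plain numeric versions like these.

```shell
#!/bin/sh
# Added example: confirm the installed xrdp build is at or above the fixed one.
# Fixed build per this advisory: epoch 1 (change log), Version 0.10.6, Release 1.fc43.
FIXED_EVR="1:0.10.6-1.fc43"

# rpm prints "(none)" for a package with no epoch; RPM treats that as epoch 0.
normalise_evr() {
    case "$1" in
        "(none):"*) printf '0:%s\n' "${1#*:}" ;;
        *:*)        printf '%s\n' "$1" ;;
        *)          printf '0:%s\n' "$1" ;;
    esac
}

# evr_at_least HAVE WANT: succeeds when HAVE sorts at or above WANT.
# Assumption: sort -V stands in for rpm's own comparison (no tildes or carets).
evr_at_least() {
    eal_have=$(normalise_evr "$1")
    eal_want=$(normalise_evr "$2")
    eal_lowest=$(printf '%s\n%s\n' "$eal_have" "$eal_want" | sort -V | head -n 1)
    [ "$eal_lowest" = "$eal_want" ]
}

# Report on this host only when rpm is present and xrdp is installed.
if command -v rpm >/dev/null 2>&1 &&
   installed=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' xrdp 2>/dev/null); then
    if evr_at_least "$installed" "$FIXED_EVR"; then
        echo "xrdp $installed: at or above fixed build $FIXED_EVR"
    else
        echo "xrdp $installed: older than fixed build $FIXED_EVR, update required"
    fi
fi
```

Because the epoch is compared first, a build reported without an epoch sorts below the fixed build even if its version number looks newer.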

Severity
important

Name: xrdp
Product: Fedora 43
Version: 0.10.6
Release: 1.fc43
Summary: Open source remote desktop protocol (RDP) server
