
Fedora 42 xrdp Remote Code Execution Denial of Service Vulnerability 2026

fedora
April 28, 2026
Explore critical security advisory details on xrdp in Fedora 42, fixing multiple vulnerabilities including remote code execution.
Security fixes CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624

Summary

xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Security fixes

- CVE-2026-32105
- CVE-2026-32107
- CVE-2026-32623
- CVE-2026-32624
- CVE-2026-33145
- CVE-2026-33516
- CVE-2026-33689
- CVE-2026-35512

New features

- Support for xorgxrdp bug fixes #249 and #342 (#3721)

Bug fixes

- Honour pass_shell_as_env setting only if user sets a shell (#3725)
- We no longer try to create a NULL authentication file when using VNC over UDS (#3727)
- Problems with the Brazilian ABNT2 keyboard mapping have been corrected (#3728 3736)
- A 'file exists' error when installing xrdp over an existing installation has been addressed (#3780)

Change Log

* Sat Apr 18 2026 Bojan Smojver - 1:0.10.6-1
- Update to 0.10.6
- CVE-2026-32105, CVE-2026-32107, CVE-2026-32623, CVE-2026-32624
- CVE-2026-33145, CVE-2026-33516, CVE-2026-33689, CVE-2026-35512

References


[ 1 ] Bug #2459298 - CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459298
[ 2 ] Bug #2459302 - CVE-2026-32107 xrdp: xrdp: Privilege Escalation via improper privilege management [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459302
[ 3 ] Bug #2459616 - CVE-2026-33145 xrdp: xrdp: Arbitrary Command Execution via unsafe handling of AlternateShell parameter [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459616
[ 4 ] Bug #2459618 - CVE-2026-32623 xrdp: xrdp NeutrinoRDP: Remote Code Execution or Denial of Service via heap-based buffer overflow in fragmented RDP data handling [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2459618
[ 5 ] Bug #2459620 - CVE-2026-35512 xrdp: xrdp: Remote Code Execution via heap-based buffer overflow [fedora-all]
      https://bugzilla.redhat.com/sh...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f04c228c78' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: xrdp
Product: Fedora 42
Version: 0.10.6
Release: 1.fc42
Summary: Open source remote desktop protocol (RDP) server
