Back to overview

CVE-2026-56297

HIGH Exploitation: PoC
7.0
CVSS 3.1
Description
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service.

Metadata

CVE ID
CVE-2026-56297
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-20 12:49 UTC
Published
2026-07-08 13:49 UTC
Last updated
2026-07-08 14:23 UTC
Primary CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Syn…
Vendor / Product
FreeRDP / FreeRDP
Sources
cve.org  ·  NVD

Severity & Metrics

7.0 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
FreeRDP FreeRDP 0 < 3.22.0, 3.22.0
Weakness (CWE)
CWESourceDescription
CWE-362 cna Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.3 HIGH 4.0 cna CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
7.0 HIGH 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
References (2)
Back to overview