The xrdp RDP server versions up to 0.10.5 contain multiple vulnerabilities that could allow attackers to exploit the software, leading to potential security breaches.

🚨 EUVD-2026-23474 📊 Score: 8.8/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate pr... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23474 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23472 📊 Score: 9.3/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generat... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23472 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23504 📊 Score: 7.7/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled f... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23504 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23515 📊 Score: 7.7/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticat... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23515 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23506 📊 Score: 6.3/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a craf... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23506 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23510 📊 Score: 6.3/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23510 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23516 📊 Score: 8.7/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of pac... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23516 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23519 📊 Score: 8.7/10 (CVSS v3.1) 📦 Product: xrdp 🏢 Vendor: neutrinolabs 📅 Updated: 2026-04-17 📝 xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23519 #cybersecurity #infosec #euvd #cve #vulnerability