Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2026-26955
CVE-2026-26955:
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., xfreerdp) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle. The gdi_SurfaceCommand_ClearCodec() handler does not call is_within_surface() to validate the command rectangle against the destination surface dimensions, allowing attacker-controlled cmd->left/cmd->top (and subcodec rectangle offsets) to reach image copy routines that write into surface->data without bounds enforcement. The OOB write corrupts an adjacent gdiGfxSurface struct's codecs* pointer with attacker-controlled pixel data, and corruption of codecs* is sufficient to reach an indirect function pointer call (NSC_CONTEXT.decode at nsc.c:500) on a subsequent codec command — full instruction pointer (RIP) control demonstrated in exploitability harness. Users should upgrade to version 3.23.0 to receive a patch.
Source: NVD
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management