CVE-2026-27951 – FreeRDP has possible Integer overflow in Stream_EnsureCapacity

CVE ID : CVE-2026-27951

Published : Feb. 25, 2026, 10:16 p.m. | 52 minutes ago

Description : FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only work on 32bit systems where the available physical memory is `>= SIZE_MAX`. Version 3.23.0 contains a patch. No known workarounds are available.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…