CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-45700 — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0...

·Source: NIST NVD

Updated:

Executive Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer p

Analysis

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0. CVSS Score: 9.8. Published: 2026-05-29T20:16:27.533.

Indicators of Compromise (1)

CVE (1)
CVE-2026-45700
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 29, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Trump Signs Voluntary AI Cyber Review Order

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trump-signs-voluntary-ai-cyber-review-order-image_small-6-a-31833.jpg" align=right hspace=4><b>White House Cuts Proposed AI Review Period From 90 Days to 30</b><br>President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA,

Bank Info Security
MEDIUMVulnerabilityNEW

White House unveils pared-back AI executive order

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”

The Record
MEDIUMVulnerabilityNEW

EBA and NYDFS ink stablecoin MoU

The European Banking Authority (EBA) has signed a Memorandum of Understanding (MoU) with the New York State Department of Financial Services (NYDFS) under the Markets in Crypto-Assets Regulation (MiCA).

Finextra