THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-22858 (CRITICAL 9.1) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned,

[NVD] CVE-2026-22858 (CRITICAL 9.1) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned,

lownvdPublished 2026-01-14

CVE-2026-22858 CVSS: 9.1 CRITICAL Published: 2026-01-14T18:16:43.520

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22858