THREAT OPS › Threat News › [NVD] CVE-2026-22859 (CRITICAL 9.1) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read
[NVD] CVE-2026-22859 (CRITICAL 9.1) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read
CVE-2026-22859 CVSS: 9.1 CRITICAL Published: 2026-01-14T18:16:43.657
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
MITRE ATT&CK techniques
- Remote Desktop ProtocolT1021.001
Indicators of compromise
- CVE-2026-22859cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22859