For those making use of the open-source FreeRDP project for your Remote Desktop Protocol (RDP) needs, FreeRDP 3.23 is out today with 11 CVEs addressed in taking care of various security-related issues that have been uncovered.
FreeRDP 3.23 addresses 11 different CVEs assigned this year that the developers sorted through following an in-depth analysis of the FreeRDP client code. FreeRDP 3.23 should be much better now on the client security side. The CVEs include CVE-2026-26965, CVE-2026-26955, CVE-2026-26271, CVE-2026-25997, CVE-2026-25959, CVE-2026-25955, CVE-2026-25954, CVE-2026-25953, CVE-2026-25952, CVE-2026-25942, and CVE-2026-25941. The issues include multiple out-of-bounds writes, client denial of service possibilities, heap-use-after-free bugs, a global buffer overflow, and more. Separately there is also another integer overflow fixi n this FreeRDP release too.
FreeRDP 3.23 also introduces configuration isolation support.
For end users the FreeRDP 3.23 release is also exciting for improvements to its SDL client. The FreeRDP SDL client now supports multiple monitors as well as HiDPI modes being in much better shape.
Downloads and more details on the FreeRDP 3.23 release via GitHub.
