FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.
CVE-2026-57156
This high-severity CVE scores 8.6 under a secondary CVSS source (NVD's own analysis pending). EPSS exploit probability: 0.5%, top 59% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 9.8
- EG Score
- 8.6(medium)
- EPSS
- 41.0%
- KEV
- Not listed
Published
July 10, 2026
Last Modified
July 14, 2026
Advisory Details (4)
Auto-updated Jul 14, 2026Integer overflow leading to heap buffer overflow in FreeRDP Orders Delta Points parsing · Advisory · FreeRDP/FreeRDP · GitHub
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-v5wf-j8j4-77h73.28.0
Patch available: FreeRDP/FreeRDP 3.28.0
https://github.com/FreeRDP/FreeRDP/releases/tag/3.28.0[core,orders] fix inverted overflow guard in update_read_delta_points
Fix merged in FreeRDP/FreeRDP PR #12938 on 2026-06-22 — awaiting tagged release
https://github.com/FreeRDP/FreeRDP/pull/12938commit 487f35daccb3 (FreeRDP/FreeRDP)
Fix landed in FreeRDP/FreeRDP commit 487f35daccb3 — awaiting tagged release
https://github.com/FreeRDP/FreeRDP/commit/487f35daccb36a6224e530dcd8fa60850825f823Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 13× in last 7d / 13× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-14 01:43 UTCNVD updateCVSS v3 → 9.8 · severity → CRITICAL
- 2026-07-13 22:31 UTCEPSS rescore
- 2026-07-13 20:43 UTCEG score recompute
- 2026-07-13 08:36 UTCEG score recompute
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-12 20:30 UTCEG score recompute
- 2026-07-12 08:23 UTCEG score recompute
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 20:17 UTCEG score recompute
- 2026-07-11 08:10 UTCEG score recompute
- 2026-07-10 20:03 UTCEG score recompute
- 2026-07-10 20:02 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-122 · CWE-190
- CVE-2006-10003EG 9.8CRITICAL
- CVE-2009-0947EG 9.8CRITICAL
- CVE-2013-2729EG 9.8 KEVEPSS 99%CRITICAL
- CVE-2005-1141EG 9.8CRITICAL
- CVE-2005-0102EG 9.8CRITICAL
- CVE-2002-0391EG 9.8EPSS 99%CRITICAL
- CVE-2002-0639EG 9.8EPSS 97%CRITICAL
- CVE-2013-2596NVD 7.8EG 9.0 KEVHIGH
- CVE-2012-5054NVD 8.8EG 9.0 KEVEPSS 97%HIGH
- CVE-2011-1823NVD 7.8EG 9.0 KEVEPSS 99%HIGH
Frequently asked(5)
What is CVE-2026-57156?
When was CVE-2026-57156 disclosed?
Is CVE-2026-57156 actively exploited?
What is the CVSS score of CVE-2026-57156?
How do I remediate CVE-2026-57156?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-57156
Is Your Infrastructure Affected by CVE-2026-57156?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.