CVE-2026-40254

medium

Red Hat

CVSS v3 Base Score

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 92% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: April 24, 2026 (20 days ago)

Last Modified: April 24, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A rogue Remote Desktop Protocol (RDP) server can exploit an off-by-one error in the path traversal filter. This allows the server to read, list, or write files in the directory above the client's shared folder when the victim connects with drive redirection enabled. This vulnerability can lead to unauthorized information disclosure and arbitrary file modification.

CWE

CWE-193

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2026-40254

Vulnerability Report

Description

CWE

Affected Products

References