CVE-2026-40254 | FreeRDP up to 3.24.x Remote Desktop Protocol drive_file.c contains_dotdot off-by-one (GHSA-3xpj-m4hx-8vmx)
A vulnerability described as problematic has been identified in FreeRDP up to 3.24.x. It affects the function contains_dotdot in the file channels/drive/client/drive_file.c of the component Remote Desktop Protocol. Such manipulation leads to an off-by-one error.
This vulnerability is uniquely identified as CVE-2026-40254. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.