CVE-2026-40033 | FreeRDP up to 3.25.x gdi_CacheToSurface heap-based overflow

May 26, 2026 Yanac

A vulnerability classified as critical has been found in FreeRDP up to 3.25.x. Affected by this vulnerability is the function gdi_CacheToSurface. The manipulation leads to heap-based buffer overflow.

This vulnerability is documented as CVE-2026-40033. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More