QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25953

Back to search

CVE-2026-25953

Published: Feb 25, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime protection, while the main thread can concurrently delete the window through a fastpath window-delete order. Version 3.23.0 fixes the issue.

VendorProductVersions

FreeRDP

FreeRDP

affected
< 3.23.0

Weaknesses (CWE)

CWE-416

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now