Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service. | |
| Title | FreeRDP - Use-After-Free via Race Condition in DRDYNVC Channel Callback | |
| First Time appeared |
Freerdp
Freerdp freerdp |
|
| Weaknesses | CWE-362 | |
| CPEs | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Freerdp
Freerdp freerdp |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-08T14:23:00.749Z
Reserved: 2026-06-20T12:49:17.829Z
Link: CVE-2026-56297
Updated: 2026-07-08T14:22:51.069Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T15:45:03Z