FreeRDP 3.23 Addresses 11 CVEs, Improved SDL Client

The open-source FreeRDP project has released version 3.23, addressing 11 security vulnerabilities (CVEs) to enhance the security of its Remote Desktop Protocol (RDP) client.

FreeRDP 3.23 resolves multiple critical security issues identified through a thorough review of the FreeRDP client code. The release addresses the following CVEs: CVE-2026-26965, CVE-2026-26955, CVE-2026-26271, CVE-2026-25997, CVE-2026-25959, CVE-2026-25955, CVE-2026-25954, CVE-2026-25953, CVE-2026-25952, CVE-2026-25942, and CVE-2026-25941. These vulnerabilities range from out-of-bounds writes, heap-use-after-free bugs, client denial-of-service (DoS) possibilities, a global buffer overflow, and other memory-related issues. Additionally, the update also includes a fix for an integer overflow vulnerability.

Alongside security fixes, FreeRDP 3.23 introduces configuration isolation support, improving the handling of user-specific settings and security configurations.

For end users, this release brings notable enhancements to the SDL client. The updated client now supports multi-monitor setups and improved HiDPI modes, offering a much better experience for those using high-resolution displays or extended desktop configurations.

To download FreeRDP 3.23 and view more details, visit the project’s GitHub page.