CVE-2026-35512 · Neutrinolabs · Xrdp
Vulnerability data via NVD (ingested)
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.
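The advisory describes the bug class, not the code: a client-declared size in a graphics PDU is used for a copy into a fixed-size heap buffer without first being bounded by what the PDU actually carries and by the destination capacity. The following is an added illustration of that pattern and its fix, written for this page; it is not xrdp's EGFX parser and the wire format (a 4-byte little-endian length followed by payload), the `surface` struct, the fixed capacity and the `parse_pdu_*` names are all constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format (constructed for this example, not xrdp's EGFX
 * encoding): a 4-byte little-endian declared payload length, then payload.
 * The receiver copies the payload into a heap buffer whose size was fixed
 * earlier from a separate, smaller value (assumed capability exchange). */
#define SURFACE_BUF_CAP 64

struct surface {
    uint8_t *buf;
    size_t   cap;
    size_t   len;
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the client's declared length is trusted both as the
 * number of bytes to read from the PDU and as the number to write into the
 * fixed-capacity heap buffer. Declared > bytes received reads past the
 * input; declared > cap writes past the heap allocation. Never call this
 * with untrusted input; it is here only to show the missing checks. */
int parse_pdu_vuln(struct surface *s, const uint8_t *pdu, size_t pdu_len)
{
    if (pdu_len < 4) return -1;
    uint32_t declared = rd_u32le(pdu);
    memcpy(s->buf, pdu + 4, declared);   /* no bound on declared */
    s->len = declared;
    return 0;
}

/* Hardened pattern: bound the client-controlled length by what the PDU
 * actually carries and by the destination capacity before touching memory. */
int parse_pdu_safe(struct surface *s, const uint8_t *pdu, size_t pdu_len)
{
    if (pdu_len < 4) return -1;
    uint32_t declared = rd_u32le(pdu);
    if (declared > pdu_len - 4) return -2;   /* claims more than was received */
    if (declared > s->cap)      return -3;   /* would overflow the heap buffer */
    memcpy(s->buf, pdu + 4, declared);
    s->len = declared;
    return 0;
}

/* Build a constructed PDU declaring 'declared' bytes but carrying 'actual'. */
size_t build_pdu(uint8_t *out, size_t out_cap, uint32_t declared, size_t actual)
{
    if (out_cap < 4 + actual) return 0;
    out[0] = declared & 0xff;         out[1] = (declared >> 8) & 0xff;
    out[2] = (declared >> 16) & 0xff; out[3] = (declared >> 24) & 0xff;
    memset(out + 4, 'A', actual);
    return 4 + actual;
}

/* Crafted PDU: declared length matches the bytes sent but exceeds cap. */
int demo_oversized(void)
{
    uint8_t pdu[4 + 200];
    size_t n = build_pdu(pdu, sizeof pdu, 200, 200);
    struct surface s = { malloc(SURFACE_BUF_CAP), SURFACE_BUF_CAP, 0 };
    if (!s.buf) return -9;
    int rc = parse_pdu_safe(&s, pdu, n);   /* rejected before any write */
    free(s.buf);
    return rc;
}

/* Crafted PDU: declared length exceeds what was actually sent. */
int demo_truncated(void)
{
    uint8_t pdu[4 + 16];
    size_t n = build_pdu(pdu, sizeof pdu, 1000, 16);
    struct surface s = { malloc(SURFACE_BUF_CAP), SURFACE_BUF_CAP, 0 };
    if (!s.buf) return -9;
    int rc = parse_pdu_safe(&s, pdu, n);
    free(s.buf);
    return rc;
}

/* A well-formed PDU is accepted by both parsers; returns 1 on success. */
int demo_valid(void)
{
    uint8_t pdu[4 + 16];
    size_t n = build_pdu(pdu, sizeof pdu, 16, 16);
    struct surface s = { malloc(SURFACE_BUF_CAP), SURFACE_BUF_CAP, 0 };
    if (!s.buf) return 0;
    int ok = parse_pdu_safe(&s, pdu, n) == 0 && s.len == 16 &&
             parse_pdu_vuln(&s, pdu, n) == 0 && s.len == 16;
    free(s.buf);
    return ok;
}

int main(void)
{
    printf("oversized: %d  truncated: %d  valid: %d\n",
           demo_oversized(), demo_truncated(), demo_valid());
    return 0;
}
```

The two checks in `parse_pdu_safe` are the ones that matter in review: a length field must be compared against the bytes actually received (otherwise the parser over-reads) and against the allocation it will be written into (otherwise it over-writes). Running the service as an unprivileged user, as the advisory recommends, limits what a successful write buys an attacker; it does not stop the pre-authentication crash.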
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan:
vuln:CVE-2026-35512
product:"Neutrinolabs Xrdp"
http.html:"Xrdp"

Other search terms:
vulnerabilities.cve_id: CVE-2026-35512
CVE-2026-35512
"CVE-2026-35512" exploit -site:nvd.nist.gov