Vulnerability Description
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Neutrinolabs | Xrdp | < 0.10.6 |
Related Weaknesses (CWE)
References
- https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 (Patch, Release Notes)
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9 (Vendor Advisory)
FAQ
What is CVE-2026-32107?
CVE-2026-32107 is a vulnerability with a CVSS score of 8.8 (HIGH). xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management co...
How severe is CVE-2026-32107?
CVE-2026-32107 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-32107?
Check the references section above for vendor advisories and patch information. Affected products include: Neutrinolabs Xrdp.