CVE-2026-40254 - FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal ..
CVE ID :CVE-2026-40254 Published : April 24, 2026, 3:16 a.m. | 36 minutes ago Description :FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()`
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
- [CYBER] Ransomware Gang Unveils Custom Data-Theft Tool
- [CYBER] Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
- [CYBER] Tanzania: Dar es Salaam Leads As 518 People Reportedly Dead During Oct 29 Unrest
- [CYBER] Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
- [CYBER] CVE-2026-41316 - ERB has an @_init deserialization guard bypass via def_module / def_method / def_class