{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32105", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:02:38.854Z", "datePublished": "2026-04-17T19:27:39.809Z", "dateUpdated": "2026-04-20T16:22:50.262Z"}, "containers": {"cna": {"title": "xrdp: RDP MAC signature (dataSignature) never verified on receive \u2014 integrity bypass in non-TLS mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3"}, {"name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"version": "< 0.10.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:27:39.809Z"}, "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the \"Classic RDP Security\" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity."}], "source": {"advisory": "GHSA-j2jm-c596-c5q3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:22:40.648583Z", "id": "CVE-2026-32105", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:22:50.262Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:22:40.648583Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:22:45.660Z"}}], "cna": {"title": "xrdp: RDP MAC signature (dataSignature) never verified on receive \u2014 integrity bypass in non-TLS mode", "source": {"advisory": "GHSA-j2jm-c596-c5q3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "< 0.10.6"}]}], "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the \"Classic RDP Security\" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T19:27:39.809Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32105", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:22:50.262Z", "dateReserved": "2026-03-10T22:02:38.854Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T19:27:39.809Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the \"Classic RDP Security\" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity."}], "id": "CVE-2026-32105", "lastModified": "2026-04-20T19:03:07.607", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T20:16:33.517", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"}, {"source": "security-advisories@github.com", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security", "id": "2459272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459272"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the \"Classic RDP Security\" layer, xrdp fails to verify the Message Authentication Code (MAC) signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle (MITM) capabilities to modify encrypted traffic as it travels between the client and server without being detected, compromising data integrity. This vulnerability does not affect connections where the Transport Layer Security (TLS) security layer is enforced."], "mitigation": {"lang": "en:us", "value": "Configure xrdp to enforce TLS security. Edit `/etc/xrdp/xrdp.ini` and set `security_layer=tls` in the `[Globals]` section. A restart of the xrdp service is required for the changes to take effect."}, "name": "CVE-2026-32105", "public_date": "2026-04-17T19:27:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32105\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32105\nhttps://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6\nhttps://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3"], "statement": "This vulnerability in xrdp compromises data integrity when the \"Classic RDP Security\" layer is in use, allowing an unauthenticated man-in-the-middle attacker to modify encrypted RDP traffic without detection. Connections configured to enforce the TLS security layer are not affected by this flaw.\nThis vulnerability doesn't affect any supported Red Hat products.", "threat_severity": "Moderate"}