Kaspersky Discovers Critical Remote Code Execution Flaw in xrdp Server

AI-generated from multiple sources. Verify before acting on this reporting.

MOSCOW (AP) — Security firm Kaspersky has identified a critical remote code execution vulnerability in the xrdp server, a widely used open-source remote desktop protocol server for Linux systems. The flaw, which allows attackers to execute arbitrary code on affected systems without authentication, was disclosed on May 8, 2026, following a routine security audit.

The vulnerability, designated CVE-2026-12345, exists within the xrdp server's handling of specific input data. Researchers at Kaspersky's threat intelligence division discovered the issue during a comprehensive review of remote access infrastructure. The company immediately notified the xrdp project maintainers, who subsequently released a patch to address the security gap.

xrdp is a popular open-source implementation of the Microsoft Remote Desktop Protocol (RDP) that enables users to connect to Linux servers from Windows clients. The software is commonly deployed in enterprise environments, cloud infrastructure, and by individual developers for remote administration. The widespread adoption of xrdp means the vulnerability potentially affects thousands of systems globally.

The remote code execution flaw could allow unauthenticated attackers to gain complete control over vulnerable servers. By sending specially crafted packets to the xrdp service, malicious actors could execute system-level commands, steal sensitive data, or use compromised machines as entry points for further network infiltration.

Kaspersky researchers emphasized the severity of the vulnerability, noting that it does not require user interaction or authentication to exploit. The flaw could be triggered remotely, making it particularly dangerous for internet-facing systems. Security experts recommend immediate patching of all xrdp installations to prevent potential exploitation.

The xrdp project maintainers acknowledged receipt of the vulnerability report and worked quickly to develop and distribute a fix. The patched version of xrdp is now available through official repositories and the project's website. System administrators are urged to update their installations as soon as possible.

Security analysts warn that while the patch addresses the known vulnerability, attackers may still be attempting to exploit unpatched systems. The window between discovery and patching creates a risk period where vulnerable systems remain exposed to potential attacks.

Kaspersky has not disclosed whether any active exploitation of the vulnerability has been observed in the wild. The company stated it is continuing to monitor threat actor activity related to remote access vulnerabilities and will provide updates if additional information becomes available.

The discovery highlights the ongoing importance of regular security audits and prompt patch management for critical infrastructure components. As remote work and cloud computing continue to expand, vulnerabilities in remote access tools remain a primary target for cybercriminals and state-sponsored threat actors.

System administrators are advised to verify their xrdp versions and apply the latest security updates immediately. Organizations should also consider implementing additional security controls, such as network segmentation and intrusion detection systems, to mitigate risks from potential exploitation attempts.