A vulnerability classified as critical has been found in FreeRDP up to 3.25.x . Affected by this vulnerability is the function gdi_CacheToSurface . The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-40033 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.