Package: FreeRDP Affected versions: <= 3.21.0 Patched versions: 3.22.0 CVE ID: CVE-2026-24678 Severity: Moderate Weaknesses: CWE-416 Summary: - A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in . Details: - stores the request channel in for asynchronous responses. - uses and calls , which dereferences the callback's channel pointer. - frees the channel callback without synchronizing with the capture thread; this can race with and leave pointing to freed memory. Impact: - A malicious server can trigger a client-side heap use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Fixed with: -