GrepRules
Sign inPublish rule
Explore/cve-2026-33145-xrdp-insecure-alternate-shell-default

CVE-2026-33145: Xrdp Insecure Alternate Shell Default

The `allow_alternate_shell` configuration is initialized to true (1). This insecure default allows clients to supply arbitrary commands which are executed via /bin/sh without sanitization during RDP connection.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0Cβ
greprules fetch cve-2026-33145-xrdp-insecure-alternate-shell-default --engine opengrep

Description

The `allow_alternate_shell` configuration is initialized to true (1). This insecure default allows clients to supply arbitrary commands which are executed via /bin/sh without sanitization during RDP connection.

License
Apache-2.0
Source context
Public repository
Source
Provally CVE rule catalog
Validation status
Verified
Quality signals
145 downloads0 direct145 via packs
· 0 stars · Quality score 68How quality works
Included packs
2 packs