diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
new file mode 100644
index 0000000000..4aac13de93
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
@@ -0,0 +1,28 @@
+From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 15 Jan 2026 12:02:02 +0100
+Subject: [PATCH] fix decoder length checks
+
+CVE: CVE-2026-23530
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/planar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index fe27011e1..1cb2e22bc 100644
+--- a/libfreerdp/codec/planar.c
++++ b/libfreerdp/codec/planar.c
+@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ 	WINPR_ASSERT(planar);
+ 	WINPR_ASSERT(prims);
+ 
++	if (planar->maxWidth < nSrcWidth)
++		return FALSE;
++	if (planar->maxHeight < nSrcHeight)
++		return FALSE;
++
+ 	if (nDstStep <= 0)
+ 		nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
+ 
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 63dc177cbe..d4efcccdbd 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2026-22854.patch \
            file://CVE-2026-22855.patch \
            file://CVE-2026-22852.patch \
+           file://CVE-2026-23530.patch \
            "