diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c
index 67106c7b7..5b05b995b 100644
--- a/libfreerdp/core/fastpath.c
+++ b/libfreerdp/core/fastpath.c
@@ -711,6 +711,14 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 	BYTE eventHeader;
 	int sec_bytes;
 
+	/*
+	 *  A maximum of 15 events are allowed per request
+	 *  if the optional numEvents field isn't used
+	 *  see MS-RDPBCGR 2.2.8.1.2 for details
+	 */
+	if (iNumEvents > 15)
+		return FALSE;
+
 	rdp = fastpath->rdp;
 
 	length = Stream_GetPosition(s);
@@ -722,7 +730,7 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 	}
 
 	eventHeader = FASTPATH_INPUT_ACTION_FASTPATH;
-	eventHeader |= (1 << 2); /* numberEvents */
+	eventHeader |= (iNumEvents << 2); /* numberEvents */
 
 	if (rdp->sec_flags & SEC_ENCRYPT)
 		eventHeader |= (FASTPATH_INPUT_ENCRYPTED << 6);