Weak Random Number Generation in UltraVNC by UltraVNC
CVE-2026-44040

4.8 MEDIUM

Key Information:

Vendor: Uvnc
Status: Vendor
CVE Published: 1 July 2026

What is CVE-2026-44040?

UltraVNC versions up to and including 1.8.2.2 use a weak pseudo-random number generator to produce the 16-byte VNC authentication challenge. The vncRandomBytes() function seeds that generator from easily predictable values, the current time and the process ID, so the effective seed space is only about 31 bits. An attacker who can observe the authentication exchange can enumerate that seed space within a few seconds, recover the seed and reproduce or predict challenges, which opens the door to forging authentication responses or brute-forcing them offline. Investigation of the Windows binaries is ongoing, because they take different code paths.
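The attack the description outlines, as an added example that is not UltraVNC's code: a server-side challenge generator seeded from time and pid the way the advisory describes, the attacker-side search that recovers the pid from a single captured challenge and then reproduces a later challenge outright, and the hardened form that takes the bytes from the OS CSPRNG. The exact seed mixing, the xorshift32 stand-in for the library PRNG, the pid bound and the scenario values (pid 4242, a 3-second clock skew) are assumptions; the test scenario is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHALLENGESIZE 16   /* VNC Authentication challenge length (RFB) */

/* Stand-in for the library PRNG: xorshift32. UltraVNC's actual generator is not
 * reproduced here (assumption); the attack only needs it to be deterministic. */
static uint8_t weak_next_byte(uint32_t *x)
{
    *x ^= *x << 13;
    *x ^= *x >> 17;
    *x ^= *x << 5;
    return (uint8_t)(*x & 0xffu);
}

/* Model of the vulnerable seeding: wall-clock seconds mixed with the pid (the exact
 * combination in vncRandomBytes() is an assumption). Both inputs are guessable, so
 * at most ~31 bits of seed exist; knowing the time to within seconds leaves the pid. */
static uint32_t derive_seed(uint32_t now, uint32_t pid)
{
    return (now ^ (pid << 8)) & 0x7fffffffu;
}

/* Server side, vulnerable: the challenge is a pure function of (time, pid). */
static void vulnerable_challenge(uint32_t now, uint32_t pid, uint8_t out[CHALLENGESIZE])
{
    uint32_t state = derive_seed(now, pid);
    if (state == 0) state = 1;   /* xorshift32 has a fixed point at 0 */
    for (int i = 0; i < CHALLENGESIZE; i++)
        out[i] = weak_next_byte(&state);
}

/* Attacker side: given one observed challenge, the approximate time it was issued
 * (+/- window_s, e.g. from the capture timestamp) and an upper bound on the pid,
 * enumerate (time, pid) until the challenge is reproduced. Returns the pid, or 0. */
static uint32_t recover_pid(const uint8_t observed[CHALLENGESIZE],
                            uint32_t t_guess, int window_s, uint32_t pid_max)
{
    uint8_t buf[CHALLENGESIZE];
    for (int dt = -window_s; dt <= window_s; dt++) {
        uint32_t t = t_guess + (uint32_t)dt;   /* wraps correctly for dt < 0 */
        for (uint32_t pid = 1; pid < pid_max; pid++) {
            vulnerable_challenge(t, pid, buf);
            if (memcmp(buf, observed, CHALLENGESIZE) == 0)
                return pid;
        }
    }
    return 0;
}

/* Hardened replacement: draw the bytes from the OS CSPRNG. /dev/urandom keeps the
 * example portable across Unix-likes; on Windows use BCryptGenRandom() instead. */
static int secure_challenge(uint8_t out[CHALLENGESIZE])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(out, 1, CHALLENGESIZE, f);
    fclose(f);
    return n == CHALLENGESIZE;
}

/* Constructed scenario: server pid 4242 issues a challenge at t0 (2026-07-01 UTC). The
 * attacker's clock is 3 s off; it tries +/- 10 s and pids below 32768 (an assumption). */
#define DEMO_T0  1782864000u
#define DEMO_PID 4242u

static uint32_t demo_recovered_pid(void)
{
    uint8_t observed[CHALLENGESIZE];
    vulnerable_challenge(DEMO_T0, DEMO_PID, observed);
    return recover_pid(observed, DEMO_T0 + 3, 10, 32768);
}

/* With the pid known, a challenge issued a minute later depends only on the second
 * it is generated, so the attacker reproduces it outright. */
static int demo_prediction_matches(void)
{
    uint8_t actual[CHALLENGESIZE], predicted[CHALLENGESIZE];
    uint32_t pid = demo_recovered_pid();
    if (pid == 0) return 0;
    vulnerable_challenge(DEMO_T0 + 60, DEMO_PID, actual);  /* server */
    vulnerable_challenge(DEMO_T0 + 60, pid, predicted);    /* attacker */
    return memcmp(actual, predicted, CHALLENGESIZE) == 0;
}

static int secure_challenge_selftest(void)   /* two CSPRNG draws succeed and differ */
{
    uint8_t a[CHALLENGESIZE], b[CHALLENGESIZE];
    return secure_challenge(a) && secure_challenge(b) && memcmp(a, b, CHALLENGESIZE) != 0;
}

int main(void)
{
    printf("recovered pid: %u\n", (unsigned)demo_recovered_pid());
    printf("next challenge predicted: %s\n", demo_prediction_matches() ? "yes" : "no");
    printf("CSPRNG self-test: %s\n", secure_challenge_selftest() ? "ok" : "failed");
    return 0;
}
```

Build and run with `cc -O2 -o vncrng vncrng.c && ./vncrng`. The search above is under 700k candidates and finishes well inside a second; even an attacker with no idea of the time is bounded by the ~31-bit seed space the advisory cites, which is a few minutes of CPU rather than a cryptographic margin. The fix is not a better seed but a different source: authentication challenges must come from the operating system's CSPRNG, and the /dev/urandom path here is a stand-in for whatever the build's platform provides (BCryptGenRandom() on Windows, where this example's secure_challenge() would simply report failure).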

Affected Version(s)

UltraVNC, all versions up to and including 1.8.2.2 (0 <= version <= 1.8.2.2)

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Timeline

  • Vulnerability reserved

  • Vulnerability published (1 July 2026)

Credit

Arjun Basnet, Securin (arjun.basnet@securin.io)