Off-by-One Error in UltraVNC Repeater Authentication Process
CVE-2026-44042

CVSS 3.7 (LOW)

Key Information:

Vendor: Uvnc

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-44042?

UltraVNC Repeater versions up to 1.8.2.2 contain an off-by-one error in the Base64 decoding function used when handling HTTP Basic authentication. The wi_uudecode() function uses a strict greater-than comparison when checking the input length against the output buffer, so the check assesses the length incorrectly. Current implementations limit the risk through defined HTTP request constraints, but the flaw remains a latent condition that could be exploited should those constraints change. Under specific conditions, it could result in a one-byte write at the edge of a fixed-size stack buffer.
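The class of bug described above, as an added example that is not UltraVNC's code: a small Base64 decoder whose length check can run with a strict `>` or with `>=`, writing into an 8-byte buffer followed by a guard byte so the stray write is observable without undefined behaviour. The function names, the buffer size, the guard byte and the assumption that the extra byte is the NUL terminator are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Map one Base64 character to its 6-bit value, -1 if invalid. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode s into out (declared capacity cap) and NUL-terminate it.
   flawed=1 models a strict '>' length check (hypothetical reconstruction);
   flawed=0 reserves room for the terminator. Returns length or -1. */
static long b64_decode(const char *s, unsigned char *out, size_t cap, int flawed) {
    size_t n = strlen(s), need, i, o = 0;
    if (n % 4) return -1;
    need = n / 4 * 3;
    if (n && s[n - 1] == '=') need--;
    if (n && s[n - 2] == '=') need--;
    if (flawed ? need > cap : need >= cap) return -1;
    for (i = 0; i < n; i += 4) {
        unsigned long v = 0; int k, pad = 0;
        for (k = 0; k < 4; k++) {
            int d = b64_val(s[i + k]);
            if (s[i + k] == '=' && i + 4 == n && k >= 2) { pad++; d = 0; }
            else if (d < 0 || pad) return -1;
            v = v << 6 | (unsigned long)d;
        }
        out[o++] = (unsigned char)(v >> 16);
        if (pad < 2) out[o++] = (unsigned char)(v >> 8);
        if (pad < 1) out[o++] = (unsigned char)v;
    }
    out[o] = '\0';  /* index cap when need == cap: one byte past the buffer */
    return (long)o;
}

/* Returns 1 if the byte just past an 8-byte buffer was overwritten. */
static int guard_clobbered(const char *s, int flawed) {
    unsigned char mem[9];  /* 8-byte buffer plus 1 guard byte */
    memset(mem, 0xAA, sizeof mem);
    b64_decode(s, mem, 8, flawed);
    return mem[8] != 0xAA;
}
```

Only an input that decodes to exactly the buffer capacity separates the two checks, which is why the condition stays latent while other limits keep inputs shorter.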

Affected Version(s)

UltraVNC 0 <= 1.8.2.2

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet, Securin (arjun.basnet@securin.io)