Integer Overflow Vulnerability in UltraVNC Repeater Impacting HTTP Request Handling
CVE-2026-7828

5.3 MEDIUM

Key Information:

Vendor: Uvnc

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-7828?

UltraVNC's repeater contains an integer overflow in its HTTP request logging mechanism. The win_log() function miscalculates the memory allocation size it derives from the length of the HTTP request URI. When a URI exceeds the expected length, the resulting allocation is smaller than necessary, leading to a potential heap buffer overflow. The overflow is constrained by the HTTP receive buffer size, but an attacker can still trigger it by sending a carefully crafted, oversized URI in an unauthenticated HTTP request, which may allow a partial write in the heap.
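The size miscalculation described above, as an added example that is not UltraVNC's code and not part of the advisory: it assumes, purely for illustration, that the size sum is held in a 16-bit type, and sets it beside a checked, clamped logger. `LOG_PREFIX`, `MAX_LOGGED_URI` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_PREFIX "HTTP request: "   /* hypothetical log prefix */
#define MAX_LOGGED_URI 1024u          /* hypothetical cap on logged URI bytes */

/* Assumed flawed pattern (the page does not give win_log()'s arithmetic):
 * the sum is stored in a 16-bit type and wraps once it passes 65535. */
size_t narrow_alloc_size(size_t uri_len)
{
    uint16_t n = (uint16_t)(strlen(LOG_PREFIX) + uri_len + 1);
    return n;
}

/* Checked form: sum in size_t, refuse any length that would wrap. */
int checked_alloc_size(size_t uri_len, size_t *out)
{
    size_t prefix = strlen(LOG_PREFIX);
    if (uri_len > SIZE_MAX - prefix - 1)
        return -1;
    *out = prefix + uri_len + 1;
    return 0;
}

/* Hardened logger: clamp the URI, size the buffer with the checked sum,
 * and bound the copy by the allocated size. Caller frees the result. */
char *format_log_line(const char *uri, size_t uri_len)
{
    size_t need;
    char *line;
    if (uri_len > MAX_LOGGED_URI)
        uri_len = MAX_LOGGED_URI;
    if (checked_alloc_size(uri_len, &need) != 0)
        return NULL;
    if ((line = malloc(need)) == NULL)
        return NULL;
    snprintf(line, need, "%s%.*s", LOG_PREFIX, (int)uri_len, uri);
    return line;
}

int main(void)
{
    size_t need = 0;
    checked_alloc_size(65530, &need);  /* constructed URI length */
    printf("narrow=%zu checked=%zu\n", narrow_alloc_size(65530), need);
    return 0;
}
```

With the constructed length of 65530 bytes, the narrow sum yields a buffer far smaller than the data to be logged, while the checked sum reports the true requirement and the hardened logger never copies more than the clamp allows.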

Affected Version(s)

UltraVNC 0 <= 1.8.2.2

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet, Securin (arjun.basnet@securin.io)