Out-of-Bounds Write in UltraVNC Repeater Affects Admin Credentials
CVE-2026-7829
7.2HIGH
What is CVE-2026-7829?
The UltraVNC Repeater prior to version 1.8.2.2 is susceptible to a post-authentication out-of-bounds write vulnerability within its allow/deny rule parser. This occurs due to insufficient boundary checks during the handling of rule tokens, leading to the potential overwriting of adjacent stack data. Authorized administrators who save overly long token lengths can trigger this flaw, allowing attackers with admin credentials to gain unauthorized code execution on the repeater host, consequently jeopardizing system security.
Affected Version(s)
UltraVNC 0 <= 1.8.2.2
