Integer Overflow Vulnerability in UltraVNC Viewer by UltraVNC
CVE-2026-7838

8.7 HIGH

Key Information:

Vendor: Uvnc

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-7838?

UltraVNC Viewer version 1.8.2.2 is susceptible to an integer overflow that can lead to a heap buffer overflow in its RFB protocol handling. The flaw is in the parsing of failure-response messages, where a network-supplied value can result in an incorrect memory allocation. When the viewer connects to a malicious VNC server, or when an attacker intercepts the RFB stream, the vulnerability can be exploited to trigger unintended memory operations. This may allow attackers to execute arbitrary code as the user running the viewer.
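The bug class described above, as an added example that is not UltraVNC's code: a length-prefixed reason string is read safely only if the network-supplied length is bounded before it is used in any size arithmetic. The function names and the 4096-byte cap are assumptions made for illustration; the 4-byte big-endian length prefix follows the RFB failure-reason format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a failure reason; not a value taken from UltraVNC. */
#define MAX_REASON_LEN 4096u

/* Size that an unchecked 32-bit "length + 1" computation yields.
 * For wire_len == 0xFFFFFFFF the sum wraps to 0, so the allocation is far
 * smaller than the length later used for the read or copy. */
uint32_t unchecked_alloc_size(uint32_t wire_len)
{
    return wire_len + 1u;
}

/* Hypothetical hardened reader. msg holds a 4-byte big-endian length
 * followed by the reason bytes. Returns a malloc'd, NUL-terminated copy,
 * or NULL if the message is malformed or the length is out of bounds. */
char *read_failure_reason(const uint8_t *msg, size_t msg_len)
{
    if (msg == NULL || msg_len < 4)
        return NULL;

    uint32_t len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                   ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];

    if (len > MAX_REASON_LEN)   /* bound the value before any arithmetic */
        return NULL;
    if (len > msg_len - 4)      /* declared length exceeds received data */
        return NULL;

    char *reason = malloc((size_t)len + 1);  /* cannot wrap: len <= 4096 */
    if (reason == NULL)
        return NULL;

    memcpy(reason, msg + 4, len);
    reason[len] = '\0';
    return reason;
}
```

The caller owns the returned buffer and must `free` it; a NULL return should be treated as a protocol error and the connection closed.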

Affected Version(s)

UltraVNC 0 <= 1.8.2.2

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet, Securin (arjun.basnet@securin.io)