Buffer Overflow Vulnerability in UltraVNC Repeater by UltraVNC
CVE-2026-7840

9.3 CRITICAL

Key Information:

Vendor: Uvnc

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-7840?

UltraVNC Repeater prior to 1.8.2.2 contains a buffer overflow in its embedded HTTP administration server that an unauthenticated attacker can exploit. The functions that handle HTTP requests write the user-supplied URI into a fixed-size buffer without adequate bounds checking, so a crafted request containing an excessively long URI overflows that buffer. The overflow can corrupt memory and potentially allow the attacker to execute arbitrary code on the server.
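
For reference when reviewing similar request handlers, the following is an added example (not UltraVNC's code) of a length-checked copy of the request URI into a fixed buffer, which is the check the description says was missing. The function name `extract_uri`, its status-code return convention and the 256-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URI_BUF_SIZE 256 /* assumed size; the page does not state the real one */

/* Hypothetical helper: copy the request-target of an HTTP request line into
 * `out`. Returns 0 on success, 400 for a malformed line, 414 when the URI
 * does not fit. `out` is NUL-terminated (empty on error) on return. */
int extract_uri(const char *line, size_t line_len, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)
        return 400;
    out[0] = '\0';
    if (line == NULL)
        return 400;

    /* The method ends at the first space; search only within line_len. */
    const char *sp1 = memchr(line, ' ', line_len);
    if (sp1 == NULL || sp1 == line)
        return 400;
    const char *uri = sp1 + 1;
    size_t remaining = line_len - (size_t)(uri - line);

    /* The URI ends at the next space, before the HTTP version token. */
    const char *sp2 = memchr(uri, ' ', remaining);
    if (sp2 == NULL || sp2 == uri)
        return 400;
    size_t uri_len = (size_t)(sp2 - uri);

    /* Bounds check before the copy: reject instead of truncating, leaving
     * one byte for the terminator. */
    if (uri_len >= out_size)
        return 414;

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return 0;
}

int main(void)
{
    char uri[URI_BUF_SIZE];
    const char *req = "GET /admin/status HTTP/1.1"; /* constructed sample */
    int rc = extract_uri(req, strlen(req), uri, sizeof uri);
    printf("%d %s\n", rc, uri);
    return 0;
}
```

Rejecting an over-long URI with a 414 response, rather than silently truncating it, also gives defenders a log signal for oversized requests against the administration port.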

Affected Version(s)

UltraVNC 0 <= 1.8.2.2

References

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet, Securin (arjun.basnet@securin.io)