Buffer Overflow Vulnerability in UltraVNC Repeater by UltraVNC
CVE-2026-7840
9.3 CRITICAL
What is CVE-2026-7840?
The UltraVNC Repeater prior to 1.8.2.2 contains a buffer overflow in its embedded HTTP administration server that an unauthenticated attacker can exploit. The functions that handle HTTP requests write the user-supplied URI into a fixed-size buffer without adequate bounds checking, so a crafted request containing an excessively long URI overflows that buffer. The overflow can corrupt memory and potentially allow the attacker to execute arbitrary code on the server.
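The bounds check the description says is missing, shown as an added example (this is not UltraVNC Repeater code, which the page does not show): a request-line parser that measures the URI and rejects it when it does not fit the destination buffer. The function name `parse_request_uri`, the 256-byte `URI_MAX` and the status constants are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URI_MAX 256 /* assumed capacity; the advisory does not give the real size */

enum { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Copy the request target of "METHOD SP target SP version" into out[out_sz].
 * req is raw socket data (not NUL-terminated); req_len is the byte count read.
 * An unbounded copy such as strcpy()/sprintf() into out is the unsafe pattern;
 * here the measured length is checked against out_sz before a byte is written. */
int parse_request_uri(const char *req, size_t req_len, char *out, size_t out_sz)
{
    if (req == NULL || out == NULL || out_sz == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';

    /* Restrict parsing to the request line. */
    const char *eol = memchr(req, '\n', req_len);
    size_t line_len = eol ? (size_t)(eol - req) : req_len;

    const char *sp1 = memchr(req, ' ', line_len);
    if (sp1 == NULL || sp1 == req)
        return PARSE_BAD_REQUEST;          /* missing method or target */
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', line_len - (size_t)(uri - req));
    if (sp2 == NULL || sp2 == uri)
        return PARSE_BAD_REQUEST;          /* missing target or version */
    size_t uri_len = (size_t)(sp2 - uri);

    if (memchr(uri, '\0', uri_len) != NULL)
        return PARSE_BAD_REQUEST;          /* embedded NUL would truncate the string */
    if (uri_len >= out_sz)
        return PARSE_URI_TOO_LONG;         /* reject: never truncate or overflow */

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char out[URI_MAX], big[1024];          /* constructed sample requests */
    const char ok[] = "GET /status HTTP/1.1\r\n";
    memset(big, 'A', sizeof big);
    memcpy(big, "GET /", 5);
    memcpy(big + sizeof big - 11, " HTTP/1.1\r\n", 11);
    printf("%d\n", parse_request_uri(ok, sizeof ok - 1, out, sizeof out));
    printf("%d\n", parse_request_uri(big, sizeof big, out, sizeof out));
    return 0;
}
```

Rejecting the request with a 414-style status, rather than truncating the URI, keeps the handler from acting on a partial path.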
Affected Version(s)
UltraVNC 0 <= 1.8.2.2
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Arjun Basnet, Securin (arjun.basnet@securin.io)
