CVE-2026-7839
UltraVNC · UltraVNC Repeater
UltraVNC Repeater initializes its HTTP administration interface with a hardcoded default password, allowing unauthenticated remote attackers to gain full administrative control.
Executive summary
A critical hardcoded credential vulnerability in UltraVNC Repeater allows remote attackers to bypass authentication and gain full administrative control over the service.
Vulnerability
The application uses a hardcoded password ("adminadmi2") for the HTTP administration interface when the configuration file is missing. Because that password is fixed and known, any remote, unauthenticated attacker can bypass authentication and modify repeater settings or intercept session traffic.
Business impact
An attacker with administrative access to the VNC repeater poses a severe risk to organizational operations. Successful exploitation could lead to unauthorized access to internal remote desktop sessions, manipulation of access control lists, and full compromise of the communication infrastructure. This impact justifies the 9.1 CVSS score.
Remediation
Immediate Action: Update UltraVNC Repeater to the latest available version provided by the vendor to remove the hardcoded credential.
Proactive Monitoring: Review access logs for the HTTP administration port (default TCP 80) for suspicious login attempts or unauthorized modifications.
Compensating Controls: Restrict network access to the UltraVNC Repeater HTTP management interface to trusted management subnets using firewall rules.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a significant security oversight that effectively leaves the administration interface open to the public internet on default installations. Administrators must verify their current version and immediately apply the vendor-supplied update to eliminate the hardcoded password risk.