CVE-2026-7840
uvnc · UltraVNC
UltraVNC repeater contains a global buffer overflow in its HTTP administration server, allowing unauthenticated remote code execution via a crafted URI.
Executive summary
A critical buffer overflow vulnerability in the UltraVNC repeater allows unauthenticated remote attackers to execute arbitrary code on the host system.
Vulnerability
A global buffer overflow exists in the repeater's HTTP administration server, triggered by unchecked sprintf calls when processing HTTP request URIs. Because the vulnerability occurs before authentication, an unauthenticated attacker can trigger this overflow to corrupt memory and achieve remote code execution.
Business impact
The severity of this vulnerability is extreme, justified by its CVSS score of 9.8. Exploitation grants an attacker full control over the repeater host, which could be used to pivot into internal networks or intercept VNC traffic, resulting in complete system compromise and loss of operational control.
Remediation
Immediate Action: Update the UltraVNC repeater component to the latest patched version provided by the vendor.
Proactive Monitoring: Monitor network traffic to the repeater’s HTTP port (default 80) for unusually large or malformed HTTP requests that exceed standard URI length expectations.
Compensating Controls: Restrict access to the UltraVNC repeater's HTTP interface using firewall rules or VPNs to ensure only authorized management IP addresses can communicate with the service.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given that this vulnerability allows for pre-authentication remote code execution, it represents an immediate and high-priority threat. Administrators must apply the vendor-supplied patch without delay and ensure the management interface is not exposed to the public internet.