CVE-2026-7840

uvnc · UltraVNC

UltraVNC repeater contains a global buffer overflow in its HTTP administration server, allowing unauthenticated remote code execution via a crafted URI.

Executive summary

A critical buffer overflow vulnerability in the UltraVNC repeater allows unauthenticated remote attackers to execute arbitrary code on the host system.

Vulnerability

A global buffer overflow exists in the repeater's HTTP administration server, triggered by unchecked sprintf calls when processing HTTP request URIs. Because the vulnerability occurs before authentication, an unauthenticated attacker can trigger this overflow to corrupt memory and achieve remote code execution.

Business impact

The severity of this vulnerability is extreme, justified by its CVSS score of 9.8. Exploitation grants an attacker full control over the repeater host, which could be used to pivot into internal networks or intercept VNC traffic, resulting in complete system compromise and loss of operational control.

Remediation

Immediate Action: Update the UltraVNC repeater component to the latest patched version provided by the vendor.

Proactive Monitoring: Monitor network traffic to the repeater’s HTTP port (default 80) for unusually large or malformed HTTP requests that exceed standard URI length expectations.

Compensating Controls: Restrict access to the UltraVNC repeater's HTTP interface using firewall rules or VPNs to ensure only authorized management IP addresses can communicate with the service.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given that this vulnerability allows for pre-authentication remote code execution, it represents an immediate and high-priority threat. Administrators must apply the vendor-supplied patch without delay and ensure the management interface is not exposed to the public internet.