PatchSiren cyber security CVE debrief
CVE-2026-51082 Proxmox CVE debrief
CVE-2026-51082 is a race condition vulnerability between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4. An attacker with privileges to call 'vncproxy' can hijack a VNC session established in parallel by a different user for a different VM.
- Vendor
- Proxmox
- Product
- Proxmox Virtual Environment
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Proxmox Virtual Environment (PVE) 9.x, specifically those using pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
A race condition exists between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE). This vulnerability allows an attacker with privileges to call 'vncproxy' to hijack a VNC session that is established in parallel by a different user for a different VM. The affected products and versions are PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4.
Defensive priority
High
Recommended defensive actions
- Update pve-manager to version 9.1.9 or later for PVE 9.x, and to version 8.4.19 or later for PVE 8.4.x.
- Update qemu-server to version 9.1.7 or later for PVE 9.x, and to version 8.4.7 or later for PVE 8.4.x.
- Update pve-container to version 6.1.3 or later for PVE 6.1.x, and to version 5.3.4 or later for PVE 5.3.x.
- Restrict access to the vncproxy API call to only those who need it.
- Monitor VNC sessions for suspicious activity.
Evidence notes
The CVE record was published on 2026-07-17T15:16:46.867Z and has not been modified since then. The NVD entry is currently 'Received'. Evidence is limited; defenders should verify affected product deployments exist in managed environments and review official advisories for scope, severity, and guidance. Confirm compensating controls are in place for exposed systems and monitor for suspicious VNC session activity. Check relevant logs for exposed assets needing extra review.
Official resources
-
CVE-2026-51082 CVE record
CVE.org
-
CVE-2026-51082 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T15:16:46.867Z and has not been modified since then. The NVD entry is currently Received.