PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44041 uvnc CVE debrief

CVE-2026-44041 is an out-of-bounds read vulnerability in UltraVNC 1.8.2.2. The vulnerability exists in the wide-string to multibyte conversion helper, which can lead to potential information disclosure or a process crash. This issue arises from the vncWc2Mb() function in rfb/dh.cpp:204, where a caller-supplied WCHAR pointer is passed to wcslen() before any bounds check. If the caller provides a wide-character buffer that is not properly NUL-terminated, wcslen() reads past the end of the buffer until it encounters a NUL wchar, resulting in an out-of-bounds read. The impact is limited to potential information disclosure from adjacent memory regions or a process crash (denial of service) if the over-read crosses a page boundary.

Vendor
uvnc
Product
UltraVNC
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

Users of UltraVNC 1.8.2.2 and earlier versions should apply the patch to prevent potential information disclosure or denial of service attacks. This includes administrators and users of UltraVNC in environments where security and data integrity are crucial.

Technical summary

The vulnerability is caused by the vncWc2Mb() function in rfb/dh.cpp:204, which passes a caller-supplied WCHAR pointer to wcslen() before any bounds check. If the caller provides a wide-character buffer that is not properly NUL-terminated, wcslen() reads past the end of the buffer until it encounters a NUL wchar, resulting in an out-of-bounds read. Under typical Win32 API usage, this requires an abnormal caller contract. The impact is limited to potential information disclosure from adjacent memory regions or a process crash (denial of service) if the over-read crosses a page boundary.

Defensive priority

Medium

Recommended defensive actions

  • Apply the patch to UltraVNC 1.8.2.2
  • Use secure communication protocols
  • Limit access to the UltraVNC service
  • Monitor for suspicious activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-01T05:16:21.033Z and was last modified on 2026-07-09T06:16:21.010Z. The NVD entry is currently Modified. The information provided is based on the available data and may not be exhaustive. Further verification is recommended to ensure accurate understanding of the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T05:16:21.033Z and has not been modified since then.