PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44042 uvnc CVE debrief

CVE-2026-44042 is a low-severity vulnerability in UltraVNC repeater through version 1.8.2.2. The issue is an off-by-one error in the Base64 decode helper used for HTTP Basic authentication, which could potentially lead to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions. This vulnerability exists in the wi_uudecode() function in repeater/webgui/webutils.c at line 817. The function incorrectly checks the input length with a strict greater-than comparison (>), instead of a greater-than-or-equal (>=) check. This leaves a latent off-by-one condition that could become exploitable if buffering constraints change. The CVSS score is 3.7 (Low severity). Users of UltraVNC repeater versions prior to a fixed version should apply patches or mitigations to prevent potential exploitation.

Vendor
uvnc
Product
UltraVNC
CVSS
LOW 3.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

Users of UltraVNC repeater versions prior to a fixed version should apply patches or mitigations to prevent potential exploitation. This includes operators, administrators, and security teams responsible for managing and securing UltraVNC repeater deployments. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability exists in the wi_uudecode() function in repeater/webgui/webutils.c at line 817. The function incorrectly checks the input length with a strict greater-than comparison (>), instead of a greater-than-or-equal (>=) check. This leaves a latent off-by-one condition that could become exploitable if buffering constraints change. The CVSS score is 3.7 (Low severity). The current risk is limited to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions. However, the defective check could become exploitable if the buffering constraints change.

Defensive priority

Apply patches or updates from the vendor as soon as available. Review and adjust configurations to limit exposure. Monitor for and respond to potential exploitation attempts.

Recommended defensive actions

  • Apply patches or updates from the vendor as soon as available
  • Review and adjust configurations to limit exposure
  • Monitor for and respond to potential exploitation attempts
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-01T05:16:21.153Z and was last modified on 2026-07-09T06:16:21.157Z. The NVD entry is currently Modified. The vulnerability details are based on the information provided in the CVE record and NVD entry. However, the details are limited, and defenders should verify the affected scope and severity with the vendor or other reliable sources. The off-by-one error in the Base64 decode helper used for HTTP Basic authentication could potentially lead to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T05:16:21.153Z and has not been modified since then.