PatchSiren cyber security CVE debrief
CVE-2026-7831 uvnc CVE debrief
CVE-2026-7831 is an off-by-one stack buffer overflow vulnerability in UltraVNC viewer through 1.8.2.2. The issue occurs in the RFB ServerInit message handler when the server-supplied nameLength equals exactly 2024. A malicious VNC server can trigger this condition by advertising a desktop name of length 2024 in its ServerInit message, potentially leading to denial of service. The vulnerability affects UltraVNC viewer and can be exploited by a remote attacker to cause a denial of service condition.
- Vendor
- uvnc
- Product
- UltraVNC
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
Users of UltraVNC viewer versions up to 1.8.2.2 should apply patches or mitigations to prevent potential denial of service attacks. This includes administrators of systems using UltraVNC viewer, security teams responsible for vulnerability management, and operators of affected platforms.
Technical summary
The vulnerability is caused by an off-by-one error in the handling of the ServerInit message in UltraVNC viewer. Specifically, when the server-supplied nameLength equals exactly 2024, the code declares a 2024-byte stack buffer and calls ReadString with a length of 2024, writing the NUL terminator one byte past the end of the stack buffer. This can lead to a denial of service on both release builds without stack canaries and builds with /GS stack protection. The issue is limited to UltraVNC viewer versions up to 1.8.2.2.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates to UltraVNC viewer to version 1.8.2.3 or later
- Implement compensating controls such as network segmentation and access controls
- Monitor VNC connections for suspicious activity
- Consider using alternative VNC software with built-in security features
- Review and update asset inventory to identify affected systems
- Plan and execute rollback or change windows for remediation
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-07-01T05:16:24.380Z and was last modified on 2026-07-09T06:16:21.900Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and apply patches or mitigations accordingly.
Official resources
-
CVE-2026-7831 CVE record
CVE.org
-
CVE-2026-7831 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c - Product
-
Mitigation or vendor reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c - Product, Release Notes
-
Source reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T05:16:24.380Z and has not been modified since then.