PatchSiren cyber security CVE debrief
CVE-2026-7840 uvnc CVE debrief
A critical buffer overflow vulnerability exists in UltraVNC repeater through version 1.8.2.2. The vulnerability is caused by the functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c, which write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. This can be exploited by an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals and allowing for arbitrary code execution on the host running the repeater.
- Vendor
- uvnc
- Product
- UltraVNC
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
System administrators and security teams responsible for UltraVNC installations, particularly those using the repeater functionality, should prioritize patching this vulnerability to prevent potential code execution by unauthenticated attackers.
Technical summary
The UltraVNC repeater through version 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. Specifically, the functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB, allowing an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) to overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer. This overflow occurs before any authentication check, making it reachable without credentials and potentially leading to arbitrary code execution on the host running the repeater.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patch or upgrade to a version beyond 1.8.2.2.
- Restrict access to the UltraVNC repeater HTTP port (default TCP 80) to only trusted networks or users.
- Implement additional monitoring and logging to detect potential exploitation attempts.
- Consider replacing or disabling the UltraVNC repeater if patching or upgrading is not feasible.
- Perform thorough inventory checks to identify and remediate any affected systems.
Evidence notes
The CVE record was published on 2026-07-01T05:16:24.820Z and was last modified on 2026-07-09T06:16:22.340Z. The NVD entry is currently Modified. The vulnerability has a CVSS score of 9.3 and is classified as CRITICAL.
Official resources
-
CVE-2026-7840 CVE record
CVE.org
-
CVE-2026-7840 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c - Product
-
Source reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c - Product
-
Source reference
33c584b5-0579-4c06-b2a0-8d8329fcab9c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T05:16:24.820Z and has not been modified since then. The NVD entry is currently Modified.