PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-7840 uvnc CVE debrief

A critical buffer overflow vulnerability exists in UltraVNC repeater through version 1.8.2.2. The vulnerability is caused by the functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c, which write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. This can be exploited by an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals and allowing for arbitrary code execution on the host running the repeater.

Vendor
uvnc
Product
UltraVNC
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

System administrators and security teams responsible for UltraVNC installations, particularly those using the repeater functionality, should prioritize patching this vulnerability to prevent potential code execution by unauthenticated attackers.

Technical summary

The UltraVNC repeater through version 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. Specifically, the functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB, allowing an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) to overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer. This overflow occurs before any authentication check, making it reachable without credentials and potentially leading to arbitrary code execution on the host running the repeater.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patch or upgrade to a version beyond 1.8.2.2.
  • Restrict access to the UltraVNC repeater HTTP port (default TCP 80) to only trusted networks or users.
  • Implement additional monitoring and logging to detect potential exploitation attempts.
  • Consider replacing or disabling the UltraVNC repeater if patching or upgrading is not feasible.
  • Perform thorough inventory checks to identify and remediate any affected systems.

Evidence notes

The CVE record was published on 2026-07-01T05:16:24.820Z and was last modified on 2026-07-09T06:16:22.340Z. The NVD entry is currently Modified. The vulnerability has a CVSS score of 9.3 and is classified as CRITICAL.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T05:16:24.820Z and has not been modified since then. The NVD entry is currently Modified.