PatchSiren

Ultravnc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Ultravnc CVE published 2026-07-01

CVE-2026-7830

CVE-2026-7830 is a HIGH severity vulnerability in UltraVNC's MS-Logon II authentication scheme. The vulnerability uses inadequate cryptography, allowing a network attacker to derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected. Users of UltraVNC, [truncated]