HIGH
Ultravnc
CVE published 2026-07-01
CVE-2026-7830
CVE-2026-7830 is a HIGH severity vulnerability in UltraVNC's MS-Logon II authentication scheme. The vulnerability uses inadequate cryptography, allowing a network attacker to derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected. Users of UltraVNC, [truncated]