These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A critical buffer overflow vulnerability exists in UltraVNC repeater through version 1.8.2.2. The vulnerability is caused by the functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c, which write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. This can be exploited by an unauthenticated attacker who can reach the repeater HTT [truncated]
CVE-2026-7839 is a critical vulnerability in UltraVNC repeater versions up to 1.8.2.2. The repeater initializes its HTTP administration server with a hardcoded default password, 'adminadmi2', which is written to settings2.txt on first run. This allows remote attackers who can reach the repeater's HTTP port (default TCP 80) to authenticate as administrator without rate-limiting or lockout, gaining full con [truncated]
The CVE-2026-7838 vulnerability is a heap buffer overflow in UltraVNC viewer through 1.8.2.2. It is caused by an integer overflow in the RFB protocol failure-response parsing path. A malicious VNC server or man-in-the-middle can trigger this condition, potentially resulting in remote code execution as the user running the viewer. The vulnerability can be triggered via rfbConnFailed and rfbVncAuthFailed me [truncated]
CVE-2026-7831 is an off-by-one stack buffer overflow vulnerability in UltraVNC viewer through 1.8.2.2. The issue occurs in the RFB ServerInit message handler when the server-supplied nameLength equals exactly 2024. A malicious VNC server can trigger this condition by advertising a desktop name of length 2024 in its ServerInit message, potentially leading to denial of service. The vulnerability affects Ult [truncated]
CVE-2026-7829 is a post-authentication out-of-bounds write vulnerability in UltraVNC repeater through 1.8.2.2. The vulnerability exists in the allow/deny rule parser, specifically in the repeater/webgui/settings.c file. An attacker with admin credentials can trigger this vulnerability to gain code execution on the repeater host. This vulnerability is particularly concerning because it allows for potential [truncated]
The CVE record for CVE-2026-7828 was published on 2026-07-01T05:16:23.970Z and has not been modified since then. The NVD entry is currently Modified. This vulnerability affects UltraVNC repeater through version 1.8.2.2, allowing for a potential heap buffer overflow in the HTTP request logging path. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Users of affected versions should apply [truncated]
CVE-2026-44042 is a low-severity vulnerability in UltraVNC repeater through version 1.8.2.2. The issue is an off-by-one error in the Base64 decode helper used for HTTP Basic authentication, which could potentially lead to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions. This vulnerability exists in the wi_uudecode() function in repeater/webgui/webutils.c at line 8 [truncated]
CVE-2026-44041 is an out-of-bounds read vulnerability in UltraVNC 1.8.2.2. The vulnerability exists in the wide-string to multibyte conversion helper, which can lead to potential information disclosure or a process crash. This issue arises from the vncWc2Mb() function in rfb/dh.cpp:204, where a caller-supplied WCHAR pointer is passed to wcslen() before any bounds check. If the caller provides a wide-chara [truncated]