CVE-2026-32854
Published 2026-03-24
Priority P3 · 46 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 5.32% (91.6th percentile)
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
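The description above names the bug class but not the code shape, so here is an added illustration of it: a minimal parser for CONNECT and absolute-URI GET request lines in the vulnerable, unchecked form beside a checked form. This is example code written for this page, not LibVNCServer's httpd.c; the request shapes, the `proxy_target` struct, the status enum and the function names are assumptions, and the sample request lines are constructed. The unchecked variant writes through whatever `strchr()` returns, so a line that lacks the expected `:` or `/` drives it into a NULL write; the checked variant bounds each lookup to the request-target, tests every result for NULL and reports a malformed line instead of dereferencing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* PROXY_MALFORMED: a delimiter the handler depends on is missing from the line. */
typedef enum { PROXY_OK = 0, PROXY_NOT_PROXY = 1, PROXY_MALFORMED = 2 } proxy_status;
typedef struct { char host[256]; int port; } proxy_target;

/* Copy [begin, end) into out->host; reject empty or oversized hosts. */
static int set_host(proxy_target *out, const char *begin, const char *end)
{
    size_t len = (size_t)(end - begin);
    if (len == 0 || len >= sizeof(out->host))
        return 0;
    memcpy(out->host, begin, len);
    out->host[len] = '\0';
    return 1;
}

/* VULNERABLE pattern (illustration, not LibVNCServer's code): strchr() results
 * are written through with no NULL check. "CONNECT 127.0.0.1 HTTP/1.1" (no ':')
 * or "GET http://127.0.0.1:5900" (no '/') makes the pointer NULL and the next
 * statement faults. Call it only with well-formed lines. */
proxy_status parse_proxy_request_unchecked(char *line, proxy_target *out)
{
    if (strncmp(line, "CONNECT ", 8) == 0) {
        char *target = line + 8;
        char *colon = strchr(target, ':');      /* NULL when no port is given */
        *colon = '\0';                          /* NULL write on crafted input */
        set_host(out, target, colon);
        out->port = atoi(colon + 1);
        return PROXY_OK;
    }
    if (strncmp(line, "GET http://", 11) == 0) {
        char *authority = line + 11, *colon;
        char *slash = strchr(authority, '/');   /* NULL when the URI has no path */
        *slash = '\0';                          /* NULL write on crafted input */
        colon = strchr(authority, ':');
        set_host(out, authority, colon ? colon : slash);
        out->port = colon ? atoi(colon + 1) : 80;
        return PROXY_OK;
    }
    return PROXY_NOT_PROXY;
}

/* CHECKED parser: the validation the description says the handlers lack.
 * Lookups are bounded to the request-target, every result is tested for NULL,
 * a missing delimiter is reported instead of dereferenced, input stays intact. */
proxy_status parse_proxy_request(const char *line, proxy_target *out)
{
    const char *target, *space, *colon, *host_end;
    if (strncmp(line, "CONNECT ", 8) == 0) {
        target = line + 8;
        if ((space = strchr(target, ' ')) == NULL)
            return PROXY_MALFORMED;             /* no HTTP-version field */
        if ((colon = memchr(target, ':', (size_t)(space - target))) == NULL)
            return PROXY_MALFORMED;             /* CONNECT needs host:port */
        host_end = colon;
    } else if (strncmp(line, "GET http://", 11) == 0) {
        const char *slash;
        target = line + 11;
        if ((space = strchr(target, ' ')) == NULL)
            return PROXY_MALFORMED;
        if ((slash = memchr(target, '/', (size_t)(space - target))) == NULL)
            return PROXY_MALFORMED;             /* absolute URI without a path */
        colon = memchr(target, ':', (size_t)(slash - target));
        host_end = colon ? colon : slash;
    } else {
        return PROXY_NOT_PROXY;
    }
    if (!set_host(out, target, host_end))
        return PROXY_MALFORMED;
    out->port = colon ? atoi(colon + 1) : 80;  /* atoi stops at ' ' or '/' */
    return (out->port > 0 && out->port <= 65535) ? PROXY_OK : PROXY_MALFORMED;
}

/* 1 when the checked parser yields `want` (and, for PROXY_OK, host and port). */
int check_parse(const char *line, proxy_status want, const char *host, int port)
{
    proxy_target t = { "", 0 };
    if (parse_proxy_request(line, &t) != want)
        return 0;
    return want != PROXY_OK || (strcmp(t.host, host) == 0 && t.port == port);
}

int main(void)
{
    /* Constructed samples: two well-formed lines, then the crafted shapes. */
    const char *samples[] = {
        "CONNECT 127.0.0.1:5900 HTTP/1.1",
        "GET http://127.0.0.1:5900/index.vnc HTTP/1.1",
        "CONNECT 127.0.0.1 HTTP/1.1",          /* no ':' in the CONNECT target */
        "GET http://127.0.0.1:5900 HTTP/1.1",  /* no '/' after the authority */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        proxy_target t = { "", 0 };
        proxy_status s = parse_proxy_request(samples[i], &t);
        printf("%-46s -> status %d host=%s port=%d\n", samples[i], (int)s,
               s == PROXY_OK ? t.host : "-", t.port);
    }
    return 0;
}
```

Two points for triage follow from the description rather than from this example: the affected handlers only run when the server's httpd and proxy features are enabled, so a build or deployment that never exposes them is not reachable over this path, and the crash is a plain denial of service (CVSS C:N/I:N/A:H), not a memory-disclosure or code-execution primitive.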
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvncserver | < libvncserver 0.9.15+dfsg-3 (forky) | libvncserver 0.9.15+dfsg-3 (forky) |
| libvnc | libvncserver | <= 0.9.15 | — |
| libvncserver_project | libvncserver | < 0.9.15 | 0.9.15 |
| libvncserver_project | libvncserver | >= 0 < 0.9.15+dfsg-3 | 0.9.15+dfsg-3 |
| ubuntu | libvncserver | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 6.3 | MEDIUM | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 6.3 | MEDIUM | — |
| vendor_redhat | — | 6.3 | MEDIUM | — |
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2026-06-23·CVSS 7.5
CVE-2020-29260 [HIGH] LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
It was discovered that LibVNCServer had a memory leak in the client cleanup function. An attacker could possibly use this issue to cause LibVNCServer to consume memory, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-29260)

It was discovered that LibVNCServer did not properly validate bounds when handling UltraZip encoding subrectangles. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32853)

It was discovered that LibVNCServer did not properly validate return values in the HTTP proxy handlers. A remote att
Red Hat
LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests
vendor_redhat·2026-03-24·CVSS 6.3
CVE-2026-32854 [MEDIUM] CWE-476 LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests
A flaw was found in LibVNCServer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending specially crafted HTTP requests. The flaw exists in the HTTP proxy handlers, where missing validation
Debian
CVE-2026-32854: libvncserver - LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null po...
vendor_debian·2026·CVSS 6.3
CVE-2026-32854 [MEDIUM] CVE-2026-32854: libvncserver - LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null po...
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 0.9.15+dfsg-3)
sid: resolved (fixed in 0.9.15+dfsg-3)
trixie: open
OSV
CVE-2026-32854: LibVNCServer versions 0
osv·2026-03-24·CVSS 6.3
CVE-2026-32854 [MEDIUM] CVE-2026-32854: LibVNCServer versions 0
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-32854 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32854 [MEDIUM] CVE-2026-32854 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32854 : NixOS vulnerability analysis and mitigation
Description source: NVD
Score 6.3 · Published March 24, 2026 · Severity MEDIUM · CNA Score 6.3
Affected Technologies: NixOS, Homebrew
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation P
Bugzilla
CVE-2026-32854 libvncserver: LibVNCServer: Denial of Service via specially crafted HTTP requests [fedora-all]
bugzilla·2026-03-24·CVSS 7.5
CVE-2026-32854 [HIGH] CVE-2026-32854 libvncserver: LibVNCServer: Denial of Service via specially crafted HTTP requests [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This bug is already fixed in a published Bodhi update: libvncserver-0.9.15-8.fc45
Published 2026-03-24