CVE-2026-34352 — Incorrect Permission Assignment in Tigervnc

CWE-732 — Incorrect Permission Assignment CWE-279 — Incorrect Execution-Assigned Permissions7 documents7 sources

Severity

9.8CRITICALNVD

CNA8.5

EPSS

0.0%

top 92.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tigervnc

Timeline

PublishedMar 26

Latest updateMar 27

Description

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5tigervnc/tigervnc< 1.16.2

▶NVDtigervnc/tigervnc< 1.16.2

Patches

Patch: github.com ↗Patch: groups.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-4vj5-vh2w-8g5j: In TigerVNC before 1↗2026-03-27

▶

CVEList

CVE-2026-34352: In TigerVNC before 1↗2026-03-26

▶

OSV

CVE-2026-34352: In TigerVNC before 1↗2026-03-26

▶

📋Vendor Advisories

Red Hat

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions↗2026-03-26

▶

Debian

CVE-2026-34352: tigervnc - In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-34352 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶