CVE-2026-3787: Untrusted Search Path in UltraVNC

Severity: 7.3 HIGH (NVD)
EPSS: 0.0% (top 99.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 8; latest update Mar 9

Description

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. It affects an unknown function in the library cryptbase.dll of the Windows Service component. Manipulation causes an uncontrolled search path. The attack requires local access and a high degree of complexity, and exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

NVD: uvnc/ultravnc 1.6.4.0

🔴 Vulnerability Details (1)

GHSA: GHSA-97cv-xr93-496p: A weakness has been identified in UltraVNC 1 (2026-03-09)

🕵️ Threat Intelligence (2)

Wiz: CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz