CVE-2026-4962
Published 2026-03-27
Priority P3 · 36 · high · 7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.23% (13.6th percentile)
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uvnc | ultravnc | — | — |
| uvnc | ultravnc | — | — |
| uvnc | ultravnc | — | — |
| uvnc | ultravnc | — | — |
| uvnc | ultravnc | — | — |
| uvnc | ultravnc | 1.6.0.0 – 1.6.4.0 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 6.4 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.0 | MEDIUM | AV:L/AC:H/Au:S/C:C/I:C/A:C |
No detection rules found.
No public exploits indexed.
Wiz · blogs_wiz · CVSS 9.3
[CRITICAL] CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3787: UltraVNC vulnerability analysis and mitigation
A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
Score: 7.3
Published: March 8, 2026
Severity: HIGH
CNA Score: 7.3
Affected Technologies: UltraVNC
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 0.4
Exploitation Probability (EPSS): N/A
Wiz · blogs_wiz · CVSS 9.3
[CRITICAL] CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4962: UltraVNC vulnerability analysis and mitigation
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
Score: 7.3
Published: March 27, 2026
Severity: HIGH
CNA Score: 7.3
Affected Technologies: UltraVNC
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N