CVE-2026-7830 – UltraVNC

CVSS 7.4 IMPORTANT Critical or Zero Day – Immediate Deployment

“One exposed remote access service can become the fastest path into your environment.”

UltraVNC released fixes for multiple Critical and High-severity vulnerabilities affecting the Repeater and Viewer components through version 1.8.2.2. The issues include a hardcoded default administrator password, pre-authentication remote code execution, buffer overflows, insecure cryptography, and memory corruption. Together, these vulnerabilities could allow attackers to gain unauthorized administrative access, execute arbitrary code, expose credentials, or crash affected systems.

CVE-2026-7840 has a CVSS score of 9.8, which is Critical severity. CVE-2026-7839 has a CVSS score of 9.1, which is Critical severity. CVE-2026-7838 has a CVSS score of 8.8, which is High severity. CVE-2026-7831 has a CVSS score of 7.5, which is High severity. CVE-2026-7830 has a CVSS score of 7.4, which is High severity. CVE-2026-7829 has a CVSS score of 7.2, which is High severity. Verified exploitation has not been reported.

Key Details

Affected Product
Uvnc Ultravnc
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
CWE Classification
CWE-326
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.