Critical Vulnerabilities in UltraVNC Repeater Component

The critical vulnerabilities could allow a remote attacker either to obtain administrative control of the service through a hard-coded credential (CVE-2026-7839) or to achieve unauthenticated arbitrary code execution (CVE-2026-7840).


Threat details

At the time of writing, there is no confirmed evidence of active exploitation for these vulnerabilities. However, both issues are remotely exploitable without authentication and could present significant risk to vulnerable devices.

The affected component is the UltraVNC Repeater, which is designed to broker remote connections between UltraVNC clients and servers. Organisations using UltraVNC for remote support, administration, supplier access, or operational support should determine whether vulnerable repeater instances are deployed and whether they are reachable from untrusted networks.


Introduction

Two critical vulnerabilities affecting UltraVNC Repeater have been published.

  • CVE-2026-7839 - "Use of Hard-coded Credentials" vulnerability - CVSSv3 score: 9.1
    Successful exploitation could allow a remote, unauthenticated attacker with access to the repeater HTTP port (default TCP 80) to authenticate using the known default credential and gain administrative control of the repeater.

  • CVE-2026-7840 - "Out-of-bounds Write" vulnerability - CVSSv3 score: 9.8
    Successful exploitation could allow a remote, unauthenticated attacker to corrupt memory and execute arbitrary code on the host running the repeater.

Organisations operating internet-facing or operationally important UltraVNC Repeater instances should prioritise identification and remediation activities due to the combination of network accessibility, low attack complexity, and potentially significant organisational impact.


Remediation advice

Affected organisations are encouraged to review the GitHub Advisory Database entries for CVE-2026-7839 and CVE-2026-7840. Updates to version 1.8.2.4 are available on the UltraVNC download page and should be applied as soon as possible.
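
The identification step described under Threat details can be run against an asset inventory export. The following is an added example, not part of the original advisory or of UltraVNC: the CSV columns, hostnames and status labels are constructed, and it assumes that any repeater build older than the fixed release 1.8.2.4 needs updating.

```python
import csv
import io

FIXED = (1, 8, 2, 4)  # fixed release named in the advisory

# Constructed sample inventory: hosts, columns and values are illustrative only.
SAMPLE_INVENTORY = """host,repeater_version,http_port_reachable_from
support-gw01,1.8.2.4,internet
vendor-jump02,1.8.1.0,internet
ot-bridge03,1.8.2.2,internal
lab-rep04,unknown,internal
edge-rep05,,supplier-vpn
"""

def parse_version(text):
    """Return a 4-part tuple of ints, or None if the value is not a dotted version."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = tuple(int(p) for p in parts[:4])
    return nums + (0,) * (4 - len(nums))

def triage(inventory_csv):
    """Map each host to 'urgent', 'patch', 'review' or 'ok'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["repeater_version"])
        # Anything other than 'internal' is treated as an untrusted network.
        exposed = row["http_port_reachable_from"].strip().lower() != "internal"
        if version is not None and version >= FIXED:
            status = "ok"
        elif exposed:
            # Old or unidentified build reachable from an untrusted network.
            status = "urgent"
        elif version is None:
            status = "review"   # version not recorded: confirm by hand
        else:
            # Assumption: builds older than 1.8.2.4 need the update.
            status = "patch"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts with a missing or unparseable version are never reported as "ok", so gaps in the inventory surface for manual checking rather than being silently passed.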



Last edited: 2 July 2026 3:18 pm