PT-2026-23987 · Microsoft+1 · Windows+1
Haehanse +1 · Published 2026-03-08 · Updated 2026-04-23
CVE-2026-3787
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UltraVNC version 1.6.4.0
Description
A weakness exists in UltraVNC 1.6.4.0 on Windows. The issue affects an unknown function within the cryptbase.dll library of the Windows Service component, leading to an uncontrolled search path. Local access is required for exploitation, and the exploitability is considered difficult due to the high complexity involved. The vendor was contacted regarding this disclosure but did not provide a response.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Windows Service component to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Untrusted Search Path
Related Identifiers
Affected Products
UltraVNC
Windows