PT-2026-55688 · Undefined · Undefined
Published
2026-07-04
·
Updated
2026-07-04
·
CVE-2026-57964
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
3 CVEs in spice-vdagent
macOS/BSD, session info create() returns NULL without systemd-logind... so auth just gets skipped entirely. Any local process connects as trusted agent. The "if auth fails, don't auth" classic 😂
- heap overflow via integer wraparound
- path traversal: malicious host writes anywhere on guest
CVE-2026-57964: https://t.co/Su6wSjT7lw
CVE-2026-57965: https://t.co/rdzxqq6aY2
CVE-2026-57966: https://t.co/Eq0uP2q40i
#0day #CVE #InfoSec #BugBounty #GanaSec
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined