What is CVE-2026-3787?

CVE-2026-3787 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-03-08.

How severe is CVE-2026-3787?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Microsoft Windows

CVE-2026-3787

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local acc…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Windows
Uvnc Ultravnc — versions 1.6.4.0
N/a Ultravnc — versions 1.6.4.0

Weakness classification (CWE)

References

VDB-349754 | UltraVNC Windows Service cryptbase.dll uncontrolled search path (Third Party Advisory, VDB Entry, vdb-entry)
VDB-349754 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #767257 | UltraVNC 1.6.4.0 Uncontrolled Search Path (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (Permissions Required, related)

Frequently asked questions

What is CVE-2026-3787?: CVE-2026-3787 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-03-08.
How severe is CVE-2026-3787?: High severity. CVSS v3 base score is 7.0 out of 10.