Buffer overflow in Any1 Neatvnc

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a craft…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (35.8th percentile) — read the EPSS interpretation.

Affected products

Any1 Neatvnc — versions < 0.9.6

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)