What is CVE-2026-4962?

CVE-2026-4962 is a high-severity vulnerability in Uvnc Ultravnc, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-03-27.

How severe is CVE-2026-4962?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Uvnc Ultravnc

CVE-2026-4962

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Uvnc Ultravnc
N/a Ultravnc — versions 1.6.0, 1.6.1, 1.6.2

Weakness classification (CWE)

References

VDB-353839 | UltraVNC Service version.dll uncontrolled search path (Third Party Advisory, VDB Entry, vdb-entry)
VDB-353839 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #777619 | UltraVNC 1.6.4.0 Uncontrolled Search Path-Privilege escalation with version.dll (Exploit, Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (Permissions Required, exploit)

Frequently asked questions

What is CVE-2026-4962?: CVE-2026-4962 is a high-severity vulnerability in Uvnc Ultravnc, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-03-27.
How severe is CVE-2026-4962?: High severity. CVSS v3 base score is 7.0 out of 10.