{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4962", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T08:13:02.541Z", "datePublished": "2026-03-27T17:05:16.691Z", "dateUpdated": "2026-03-27T22:07:28.414Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T22:07:28.414Z"}, "title": "UltraVNC Service version.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "Untrusted Search Path"}]}], "affected": [{"vendor": "n/a", "product": "UltraVNC", "versions": [{"version": "1.6.0", "status": "affected"}, {"version": "1.6.1", "status": "affected"}, {"version": "1.6.2", "status": "affected"}, {"version": "1.6.3", "status": "affected"}, {"version": "1.6.4.0", "status": "affected"}], "cpes": ["cpe:2.3:a:ultravnc:ultravnc:*:*:*:*:*:*:*:*"], "modules": ["Service"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T09:18:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "haehanse (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.353839", "name": "VDB-353839 | UltraVNC Service version.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.353839", "name": "VDB-353839 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777619", "name": "Submit #777619 | UltraVNC 1.6.4.0 Uncontrolled Search Path-Privilege escalation with version.dll", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1QC-MrqGsfjr4phEN77krLFZHQN8S48U_/view", "tags": ["exploit"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T17:42:52.602261Z", "id": "CVE-2026-4962", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T17:43:07.263Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4962", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T17:42:52.602261Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T17:43:00.532Z"}}], "cna": {"tags": ["x_open-source"], "title": "UltraVNC Service version.dll uncontrolled search path", "credits": [{"lang": "en", "type": "reporter", "value": "haehanse (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:ultravnc:ultravnc:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Service"], "product": "UltraVNC", "versions": [{"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.6.1"}, {"status": "affected", "version": "1.6.2"}, {"status": "affected", "version": "1.6.3"}, {"status": "affected", "version": "1.6.4.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T09:18:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353839", "name": "VDB-353839 | UltraVNC Service version.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.353839", "name": "VDB-353839 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777619", "name": "Submit #777619 | UltraVNC 1.6.4.0 Uncontrolled Search Path-Privilege escalation with version.dll", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1QC-MrqGsfjr4phEN77krLFZHQN8S48U_/view", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "Untrusted Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T22:07:28.414Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4962", "state": "PUBLISHED", "dateUpdated": "2026-03-27T22:07:28.414Z", "dateReserved": "2026-03-27T08:13:02.541Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-27T17:05:16.691Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4962", "lastModified": "2026-03-27T23:17:17.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T17:16:31.307", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1QC-MrqGsfjr4phEN77krLFZHQN8S48U_/view"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353839"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353839"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777619"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T18:21:09.504181+00:00", "value": {"mitigation_remediation": ["Upgrade UltraVNC to a version released after 1.6.4.0 that fixes the DLL search path vulnerability", "If an upgrade is not immediately available, disable or stop the UltraVNC Service until a patch can be applied", "Limit the privileges of the UltraVNC Service to the minimum required for its operation", "Verify that the service does not use the System directory for DLL loading and consider manual configuration of the DLL search path to point only to trusted locations", "Monitor system logs for anomalous DLL loading activity or sudden privilege changes"], "summary": {"action": "Apply patch", "impact": "Local code execution via uncontrolled DLL search path"}, "threat_synthesis": {"affected_systems": "Affected vendors include UltraVNC. The flaw is present in all UltraVNC releases up to and including version 1.6.4.0. Systems that run these versions (or earlier) of the UltraVNC Service are impacted. The vulnerability is tied to the UltraVNC component listed as a single product by the CNA.", "description_and_impact": "The vulnerability resides in the version.dll library of the UltraVNC Service. An attacker with local access can manipulate the DLL search path to cause the service to load a malicious DLL from a user-specified directory. This can result in arbitrary code execution or privilege escalation on the affected host. The defect is classified as an uncontrolled search path (CWE\u2011426 and CWE\u2011427), which directly compromises the confidentiality, integrity, and availability of the system. While the analysis indicates that the attack requires local presence and has high complexity, an exploit has already been released publicly, suggesting that attackers can successfully leverage it under suitable conditions.", "risk_and_exploitability": "The CVSS score of 7.3 denotes a high severity and indicates that exploitation could have serious consequences if the attacker gains local access. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, but a public exploit exists, increasing the practical risk. The attack vector is inferred to be local, requiring the attacker to authenticate or already have some presence on the target system. Due to the high complexity and the requirement for local execution, the overall exploitability is moderate, yet the presence of an exploit in the wild elevates the urgency for remediation."}}}}, "created": "2026-03-27T20:27:59.177674+00:00", "updated": "2026-03-27T20:27:59.177717+00:00", "vendors": []}