LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-32854

CVE-2026-32854 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: March 25, 2026

LibVNCServer - Denial of Service

Published: March 24, 2026Updated: March 25, 2026PoC AvailableRemote Exploitable

Overview

LibVNCServer <= 0.9.15 contains a null pointer dereference caused by missing validation of strchr() return values in HTTP proxy handlers in httpd.c, letting remote attackers cause denial of service via crafted HTTP requests, exploit requires httpd and proxy features enabled.

Severity & Score

Severity: High
CVSS Score: 7.5
EPSS Score: 136.8%(Probability of exploitation in next 30 days)

Impact

Remote attackers can crash the server causing denial of service.

Mitigation

Update to a version including commit dc78dee or later.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 30, 2026

📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1724 Severity: - Critical: 160 - High: 649 - Medium: 676 - Low: 49 - None: 190 Status: - : 20 - Analyzed: 407 - Awaiting Analysis: 410 - Modified: 55 - Received: 778 - Rejected: 23 - Undergoing Analysis: 31 Top CNAs: - GitHub, Inc.: 426 - Patchstack: 248 - VulDB: 159 - VulnCheck: 124 - kernel.org: 122 - Apple Inc.: 87 - MITRE: 74 - Mozilla Corporation: 47 - Wordfence: 46 - Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33 Top Affected Products: - UNKNOWN: 1239 - Apple Macos: 76 - Mozilla Firefox: 45 - Apple Ipados: 41 - Apple Iphone Os: 41 - Wwbn Avideo: 34 - Apple Visionos: 28 - Apple Watchos: 21 - Open-emr Openemr: 20 - Hcltech Aftermarket Cloud: 17 Top EPSS Score: - CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634) - CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526) - CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478) - CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854) - CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748) - CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515) - CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396) - CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611) - CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829) - CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)

View original post

Related Resources

Details

CVE ID
CVE-2026-32854
Severity
High
CVSS Score
7.5
Type
null_pointer_dereference
Status
confirmed
EPSS
136.8%
Social Posts
1

CWE

  • CWE-476

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

136.8%Probability of exploitation in the next 30 days