Home / Vulnerability Intelligence / CVE-2026-34352

CVE-2026-34352 - Vulnerability Analysis

HighCVSS: 8.5

Last Updated: March 26, 2026

TigerVNC - Broken Access Control

Published: March 26, 2026Updated: March 26, 2026

Overview

TigerVNC < 1.16.2 contains a broken access control caused by incorrect permissions in Image.cxx in x0vncserver, letting other users observe or manipulate screen contents or cause application crash, exploit requires local user access.

Severity & Score

Severity: High

CVSS Score: 8.5

Impact

Other users can view or manipulate screen contents or crash the application, risking data exposure or denial of service.

Mitigation

Upgrade to version 1.16.2 or later.

References

https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
https://www.openwall.com/lists/oss-security/2026/03/26/7
https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34352
Severity: High
CVSS Score: 8.5
Type: broken_access_control
Status: new

CWE

CWE-732

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L