CVE-2026-44042
CVE-2026-44042 is a low-severity vulnerability in Uvnc Ultravnc with a CVSS 3.x base score of 3.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-193.
Key facts
- Severity: Low (CVSS 3.x base score 3.7)
- EPSS exploit prediction: 0% (23rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-193
- Affected product: Uvnc Ultravnc
- Published:
- Last modified:
Description
UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether the input length exceeds the output buffer with a strict greater-than comparison (>), while the correct check should be greater-than-or-equal (>=). When strlen(authdata) equals sizeof(decode), the decoded output length (approximately 3/4 of input) does not overflow the buffer in current practice because the outer HTTP request bounds constrain the Authorization header. However, the defective check leaves a latent off-by-one condition that could become exploitable if the buffering constraints change. The current risk is limited to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions.
Frequently asked questions
- What is CVE-2026-44042?
- UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether the input length exceeds the output buffer with a strict greater-than comparison (>), while the correct check should be greater-than-or-equal (>=). When strlen(authdata) equals sizeof(decode), the decoded output length (approximately 3/4 of input) does not overflow the buffer in current practice because the outer HTTP request bounds constrain the Authorization header. However, the defective check leaves a latent off-by-one condition that could become exploitable if the buffering constraints change. The current risk is limited to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions.
- How severe is CVE-2026-44042?
- CVE-2026-44042 has a CVSS 3.x base score of 3.7, rated low severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2026-44042 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (23rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-44042?
- CVE-2026-44042 affects Uvnc Ultravnc. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-44042?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-44042 published?
- CVE-2026-44042 was published on 2026-07-01 and last updated on 2026-07-02.
References
Affected products (1)
- cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*
More vulnerabilities in Uvnc Ultravnc
- CVE-2019-8280 — Critical (CVSS 9.8): UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially…
- CVE-2019-8275 — Critical (CVSS 9.8): UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in…
- CVE-2019-8274 — Critical (CVSS 9.8): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler,…
- CVE-2019-8273 — Critical (CVSS 9.8): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request…
- CVE-2019-8272 — Critical (CVSS 9.8): UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code…
- CVE-2019-8271 — Critical (CVSS 9.8): UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which…
All CVEs affecting Uvnc Ultravnc →
Other CWE-193 (Off-by-one Error) vulnerabilities
- CVE-2024-10442 — Critical (CVSS 10.0): Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066,…
- CVE-2026-53309 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions()…
- CVE-2024-38441 — Critical (CVSS 9.8): Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to…
- CVE-2023-46853 — Critical (CVSS 9.8): In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used…
- CVE-2023-38429 — Critical (CVSS 9.8): An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in…
- CVE-2022-34970 — Critical (CVSS 9.8): Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful…