CVE-2026-27182

HIGH 8.4

Saturn Remote Mouse Server UDP Command Injection RCE

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.

CWE	CWE-306
Vendor	saturnremote
Product	saturn remote mouse server
Published	Feb 18, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for saturnremote saturn remote mouse server

Be the first to know when new high vulnerabilities affecting saturnremote saturn remote mouse server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

saturnremote / Saturn Remote Mouse Server

References

NVD ↗ CVE.org ↗ EPSS Data ↗

packetstorm.news: https://packetstorm.news/files/id/215835/ saturnremote.com: https://www.saturnremote.com/ vulncheck.com: https://www.vulncheck.com/advisories/saturn-remote-mouse-server-udp-command-injection-rce

Credits

indoushka