CVE-2026-42859
Neat VNC: Buffer overflow due to oversized RSA public keys
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.
| CWE | CWE-120 |
| Vendor | any1 |
| Product | neatvnc |
| Published | May 11, 2026 |
| Last Updated | May 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for any1 neatvnc
Be the first to know when new unknown vulnerabilities affecting any1 neatvnc are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
any1 / neatvnc
< 0.9.6