๐Ÿ” CVE Alert

CVE-2026-7839

CRITICAL 9.1

UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility.

CWE CWE-798
Vendor uvnc
Product ultravnc
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for uvnc ultravnc

Be the first to know when new critical vulnerabilities affecting uvnc ultravnc are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Affected Versions

uvnc / UltraVNC
0 โ‰ค 1.8.2.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
uvnc.com: https://uvnc.com/ github.com: https://github.com/ultravnc/UltraVNC

Credits

Arjun Basnet, Securin ([email protected])