CVE-2026-34352
8.5 HIGHIn TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an applicat...
Published: 2026-03-26 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 8.5 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
- CWE
- CWE-732
Affected products
| Vendor | Product |
|---|---|
| tigervnc | tigervnc |
Description
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34352
- [Patch]https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
- [Other]https://github.com/TigerVNC/tigervnc/issues/2079
- [Patch]https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
- [Other]https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
- [Other]https://www.openwall.com/lists/oss-security/2026/03/26/7
- [Other]https://github.com/TigerVNC/tigervnc/issues/2079
Related CVEs
Same vendor
- CVE-2025-26597 — A buffer overflow flaw was found in X.Org and Xwayland (7.8 HIGH)
Same CWE
- CVE-2026-53856 — OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly ... (5.5 MEDIUM)
- CVE-2026-0271 — A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to exec...
- CVE-2026-50570 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
- CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation (8.4 HIGH)
- CVE-2026-50590 — In Mimecast Incydr before 2.6.0, arbitrary file access can occur (4.5 MEDIUM)