Description
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
Published: 2026-02-18
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

Saturn Remote Mouse Server contains a command injection flaw that allows an attacker on the local network to send malformed UDP JSON frames to port 27000. The malformed packets contain unsanitized command data that the service passes straight to operating system execution primitives, enabling arbitrary code execution under the service account. The attack is unauthenticated and can be performed remotely over the network, potentially compromising the host and any connected resources.

Affected Systems

The vulnerability affects the Saturn Remote Mouse Server product from Saturn Remote. No specific affected release version is supplied by the vendor, so all runs of the affected product should be considered at risk until a patched version is deployed.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity vulnerability. EPSS is below 1%, suggesting low overall exploitation probability, and the issue is not listed in the CISA KEV catalog. The attack vector is local network based, exploiting unauthenticated UDP traffic on port 27000; the attacker merely needs to be on the same network subnet and does not require credentials. Once executed, the attacker can run arbitrary commands with the permissions of the service account, potentially taking full control of the host.

Generated by OpenCVE AI on April 17, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade that fixes the UDP command injection flaw.
  • Block or restrict UDP port 27000 to trusted hosts using a firewall or network policy.
  • Reduce the privileges of the service account or run the service with a least-privilege user.
  • Isolate the service in a separate network segment to limit lateral movement.

Generated by OpenCVE AI on April 17, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Saturnremote
Saturnremote saturn Remote Mouse Server
Vendors & Products Saturnremote
Saturnremote saturn Remote Mouse Server

Wed, 18 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
Description Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
Title Saturn Remote Mouse Server UDP Command Injection RCE
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Saturnremote Saturn Remote Mouse Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-19T14:57:25.386Z

Reserved: 2026-02-18T18:13:19.641Z

Link: CVE-2026-27182

cve-icon Vulnrichment

Updated: 2026-02-19T14:56:56.751Z

cve-icon NVD

Status : Deferred

Published: 2026-02-18T22:16:26.517

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-27182

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z

Weaknesses