CVE-2026-3787 - Vulnerability Details

- UltraVNC Windows Service cryptbase.dll uncontrolled search path

Description

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-08

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in an unknown function within cryptbase.dll exposed by the UltraVNC Windows Service. The flaw permits an attacker with local access to manipulate the DLL search path, potentially causing the service to load a malicious DLL and execute arbitrary code. This weakness corresponds to CWE‑426 and CWE‑427, illustrating an untrusted or uncontrolled search path that can lead to DLL hijacking. The description indicates that the attack requires high complexity and is considered difficult to exploit, which limits immediate threat but still permits a serious compromise if achieved.

Affected Systems

This problem affects UltraVNC 1.6.4.0 running on Windows platforms. The vulnerable component is part of the UltraVNC service bundle; users with Windows operating systems that host this specific version of UltraVNC are susceptible.

Risk and Exploitability

The CVSS score of 7.3 marks it as high severity. However, the EPSS score is less than 1%, indicating a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The limited attacker capability (local access only) and the stated difficulty in exploitation suggest that while the risk to organizational security is significant, active attacks are currently few.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

UltraVNC

affected

Version	Status	Constraints
`1.6.4.0`	affected	—

Configuration 1 [-]

AND

cpe:2.3:a:uvnc:ultravnc:1.6.4.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Ultravnc

95%

Version	Status	Scheme	Platform
`1.6.4.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade UltraVNC to the latest released version that addresses this issue
If an update is unavailable, run the UltraVNC service with the lowest privilege level and tightly control the directories it can probe for DLLs
Configure Windows to enforce a safe DLL search order (e.g., use SetDefaultDllDirectories) or restrict the system PATH for the service process

Generated by OpenCVE AI on April 16, 2026 at 10:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://drive.google.com/file/d/14ixv_1i4D2VrZWyl4RKsvFcN1AMF_qNx/view
https://vuldb.com/?ctiid.349754
https://vuldb.com/?id.349754
https://vuldb.com/?submit.767257

History

Tue, 10 Mar 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Uvnc Uvnc ultravnc
CPEs		cpe:2.3:a:uvnc:ultravnc:1.6.4.0:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Microsoft Microsoft windows Uvnc Uvnc ultravnc

Sun, 08 Mar 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Title		UltraVNC Windows Service cryptbase.dll uncontrolled search path
First Time appeared		Ultravnc Ultravnc ultravnc
Weaknesses		CWE-426 CWE-427
CPEs		cpe:2.3:a:ultravnc:ultravnc::::::::
Vendors & Products		Ultravnc Ultravnc ultravnc
References		https://drive.google.com/file/d/14ixv_1i4D2VrZWyl4RKsvFcN1AMF_qNx/view https://vuldb.com/?ctiid.349754 https://vuldb.com/?id.349754 https://vuldb.com/?submit.767257
Metrics		cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Microsoft Windows

Ultravnc Ultravnc

Uvnc Ultravnc

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-08T23:02:06.940Z

Updated: 2026-03-10T20:26:30.164Z

Reserved: 2026-03-08T07:11:28.250Z

Link: CVE-2026-3787

Vulnrichment

Updated: 2026-03-10T20:26:24.529Z

NVD

Status : Analyzed

Published: 2026-03-08T23:15:50.690

Modified: 2026-03-10T18:51:45.517

Link: CVE-2026-3787

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object