Description
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.
Published: 2026-05-08
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to bypass the local connection check in Remote Spark SparkView prior to build 1122 and execute arbitrary code with root privileges on the host. Depending on the configuration, the flaw can be exploited by an unauthenticated attacker, giving the attacker unrestricted control.

Affected Systems

This issue affects Remote Spark's SparkView component on versions earlier than build 1122. The product is available from Remote Spark.

Risk and Exploitability

The CVSS score of 10 indicates critical severity. EPSS is not available and the vulnerability is not listed in CISA KEV, but the high severity coupled with the ability to achieve root execution suggests a high exploitation likelihood, especially if the application is exposed to external traffic. An attacker could simply access the gateway and trigger the bypass, resulting in complete compromise of the underlying system.

Generated by OpenCVE AI on May 8, 2026 at 10:20 UTC.

Remediation

Vendor Workaround

Customers can also set trustLocal = false in gateway.conf as a workaround for this problem if they cannot update to build 1122 or later.


OpenCVE Recommended Actions

  • Upgrade Remote Spark SparkView to build 1122 or newer
  • If immediate upgrade is not possible, set trustLocal=false in gateway.conf as a workaround
  • Verify that the gateway accepts only local requests when the workaround is applied and monitor for unauthorized activity


Advisories

No advisories yet.

History

Fri, 08 May 2026 13:15:00 +0000

Values Removed: (none)
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 08 May 2026 09:30:00 +0000

Values Removed: (none)
Values Added:
  Description: A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.
  Title: Remote Spark SparkView RCE
  Weaknesses: CWE-290, CWE-807
  References:
  Metrics: cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A'}


MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-08T12:45:06.500Z

Reserved: 2026-04-13T12:27:34.073Z

Link: CVE-2026-6213

Vulnrichment

Updated: 2026-05-08T12:45:02.451Z

NVD

Status: Received

Published: 2026-05-08T10:16:29.270

Modified: 2026-05-08T10:16:29.270

Link: CVE-2026-6213

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T10:30:06Z
