Description
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.

This issue affects SparkView: before build 1127.
Published: 2026-05-29
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw in the SparkView component that processes RDP drive redirection. An attacker can read or write any file in the server's file system with root privileges. This enables remote code execution. The weakness is identified as CWE‑23.

Affected Systems

The affected product is Remote Spark’s SparkView component, specifically builds before 1127. The vulnerability is publicly disclosed for versions earlier than build 1127.

Risk and Exploitability

The CVSS score of 10 indicates critical severity. No EPSS score is available, and the issue is not listed in CISA KEV. The problem can be exploited by an unauthenticated attacker that has RDP access to the system, using the vulnerable RDP drive redirection feature.

Generated by OpenCVE AI on May 29, 2026 at 13:23 UTC.

Remediation

Vendor Solution

Update to build 1127

OpenCVE Recommended Actions

  • Upgrade Remote Spark SparkView to build 1127 or later.
  • If an upgrade is not immediately possible, disable the RDP drive redirection feature to stop the path traversal vector.
  • Enforce authentication and restrict RDP sessions to trusted users only to reduce the likelihood of exploitation.

Generated by OpenCVE AI on May 29, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.remotespark.com/view/new.html cve-icon cve-icon
History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Remote Spark
Remote Spark sparkview
Vendors & Products Remote Spark
Remote Spark sparkview

Fri, 29 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:45:00 +0000

Type Values Removed Values Added
Description Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.
Title Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE
Weaknesses CWE-23
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Remote Spark Sparkview
cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-29T13:34:00.474Z

Reserved: 2026-05-11T14:14:55.357Z

Link: CVE-2026-8326

cve-icon Vulnrichment

Updated: 2026-05-29T13:33:55.375Z

cve-icon NVD

Status : Deferred

Published: 2026-05-29T13:16:23.770

Modified: 2026-05-29T15:39:34.620

Link: CVE-2026-8326

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:44Z

Weaknesses