{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-34352", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-26T22:30:46.508Z", "datePublished": "2026-03-26T22:30:46.928Z", "dateUpdated": "2026-03-27T13:53:48.564Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TigerVNC", "vendor": "TigerVNC", "versions": [{"lessThan": "1.16.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T22:37:28.411Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/26/7"}, {"url": "https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393"}, {"url": "https://sourceforge.net/projects/tigervnc/files/stable/1.16.2"}, {"url": "https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T13:28:49.782878Z", "id": "CVE-2026-34352", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:53:48.564Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34352", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T13:28:49.782878Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:28:53.233Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TigerVNC", "product": "TigerVNC", "versions": [{"status": "affected", "version": "0", "lessThan": "1.16.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/26/7"}, {"url": "https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393"}, {"url": "https://sourceforge.net/projects/tigervnc/files/stable/1.16.2"}, {"url": "https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T22:37:28.411Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34352", "state": "PUBLISHED", "dateUpdated": "2026-03-27T13:53:48.564Z", "dateReserved": "2026-03-26T22:30:46.508Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T22:30:46.928Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D26886-0F31-44FB-8112-F07B18A7ACDA", "versionEndExcluding": "1.16.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions."}, {"lang": "es", "value": "En TigerVNC anterior a 1.16.2, Image.cxx en x0vncserver permite a otros usuarios observar o manipular el contenido de la pantalla, o causar un fallo de la aplicaci\u00f3n, debido a permisos incorrectos."}], "id": "CVE-2026-34352", "lastModified": "2026-04-02T20:16:16.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.3, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T23:16:20.903", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://sourceforge.net/projects/tigervnc/files/stable/1.16.2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/03/26/7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions", "id": "2452022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452022"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-279", "details": ["A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "The x0vncserver component should be disabled if not actively required. If x0vncserver is necessary, ensure that only trusted users have access to the system where it is running. To disable the x0vncserver service, if it is running as a systemd service, you can use: `sudo systemctl stop x0vncserver.service` `sudo systemctl disable x0vncserver.service` If x0vncserver is launched manually, avoid running it in multi-user environments. A service restart or system reboot may be required for changes to take full effect."}, "name": "CVE-2026-34352", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-26T22:30:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34352\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34352\nhttps://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393\nhttps://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI\nhttps://sourceforge.net/projects/tigervnc/files/stable/1.16.2\nhttps://www.openwall.com/lists/oss-security/2026/03/26/7"], "threat_severity": "Moderate"}