CVE-2026-34352CRITICAL 8.5EPSS p15.7%

CVE-2026-34352CVE-2026-34352

tigervnc / tigervnc

Description

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

Scoring

CVSS 3.18.5 (CRITICAL)
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
EPSS0.25% probability of exploitation · percentile 15.7% · 2026-06-19T12:03:05Z
Published2026-03-26
Last modified2026-06-04

Underlying weaknesses· 1

CWE-732

References

  1. https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
  2. https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
  3. https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
  4. https://www.openwall.com/lists/oss-security/2026/03/26/7

1

TypeTargetConfidenceTier
WeaknessIncorrect Permission Assignment for Critical Resourcecwe-7320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-32853
CVE
CVE-2026-32064
CVE
CVE-2026-44988
CVE
CVE-2026-11623
CVE
CVE-2026-50262
CVE
CVE-2026-43575
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.