{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-7831/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-07-01T03:33:25.314Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-7831","@id":"https://www.cve.org/CVERecord?id=CVE-2026-7831","description":"UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer _dn[2024] and calls ReadString(_dn, 2024). ReadString writes the NUL terminator at buf[length], i.e., _dn[2024], one byte past the end of the stack buffer. A malicious VNC server can trigger this condition by advertising a desktop name of length 2024"},"products":[{"@id":"cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-07-01T03:33:25.314Z"}]}