CRITICAL | CVE-2026-8326 | CNA: NCSC.ch

CVE-2026-8326: Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark (https://www.remotespark.com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.

HarborGuard Analysis

Synopsis

A path-traversal flaw in Remote Spark SparkView's RDP drive redirection component lets an attacker read and write arbitrary files as root, which leads to remote code execution. The bug is reachable over the network with no authentication and no user interaction, and depending on deployment can be triggered by a fully unauthenticated attacker. A patched-image rebuild at build 1127 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: SparkView builds prior to 1127 are matched against customer registries and CI pipelines within minutes of advisory ingest from upstream feeds. Coverage extends to custom-built images that embed SparkView, not just vendor base layers.

Available

Triage

Triage is available with the CVSS v4.0 score of 10.0 (Critical) carried through to each customer org, then weighted against that org's compliance policy (exposure, data sensitivity, regulated workloads). Findings are routed to the appropriate inbox so critical, unauthenticated RCEs surface ahead of lower-priority noise.

Available

Patch

A patched-image rebuild at SparkView build 1127 is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, the rebuild is produced, a regression test run is executed, and a PR is opened against affected workloads automatically.

Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the SparkView service over the network (AV:N).

  • Authentication: Not required

    No credentials are needed; depending on deployment the path traversal is reachable by an unauthenticated attacker (PR:N).

  • Victim interaction: Not required

    No user action is needed to trigger the flaw (UI:N).

  • Attack complexity: Detail

    Attack complexity is low: exploitation is reliable and free of race conditions or environmental prerequisites (AC:L).

Blast Radius

  • Reads arbitrary files on the host as root, including configuration, credentials, and key material.
  • Writes arbitrary files anywhere on the filesystem, which is escalated into remote code execution as root.
  • Full compromise of the SparkView host with confidentiality, integrity, and availability all fully impacted.
  • Impact propagates to subsequent systems (SC:H/SI:H/SA:H), so connected systems and brokered RDP sessions are also at risk.
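
As an added example (not HarborGuard's code and not part of the original advisory), the Python below parses the CVSS v4.0 vector published for this CVE and derives the exploit conditions and downstream impact listed above. The function names and the priority labels `urgent`, `elevated` and `routine` are assumptions made for illustration, not HarborGuard's triage policy.

```python
# Added example: validate a CVSS v4.0 base vector and derive exploit conditions.
# Priority labels are hypothetical; they are not HarborGuard's triage policy.
BASE_METRICS = {  # CVSS v4.0 base metrics, in their mandatory order
    "AV": set("NALP"), "AC": set("LH"), "AT": set("NP"), "PR": set("NLH"),
    "UI": set("NPA"), "VC": set("HLN"), "VI": set("HLN"), "VA": set("HLN"),
    "SC": set("HLN"), "SI": set("HLN"), "SA": set("HLN"),
}

def parse_cvss4(vector: str) -> dict:
    """Return the base metrics of a CVSS v4.0 vector, or raise ValueError."""
    prefix, _, rest = vector.strip().partition("/")
    if prefix != "CVSS:4.0" or not rest:
        raise ValueError("not a CVSS v4.0 vector")
    pairs = [tuple(item.split(":", 1)) for item in rest.split("/")]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("malformed metric")
    # The eleven base metrics must come first, each exactly once, in order.
    if [k for k, _ in pairs[:len(BASE_METRICS)]] != list(BASE_METRICS):
        raise ValueError("base metrics missing or out of order")
    metrics = dict(pairs[:len(BASE_METRICS)])
    for name, allowed in BASE_METRICS.items():
        if metrics[name] not in allowed:
            raise ValueError(f"invalid value for {name}: {metrics[name]!r}")
    return metrics

def exploit_conditions(m: dict) -> dict:
    """Map base metrics onto the conditions a triager reads first."""
    return {
        "network_reachable": m["AV"] == "N",
        "authentication_required": m["PR"] != "N",
        "victim_interaction_required": m["UI"] != "N",
        "low_complexity": m["AC"] == "L" and m["AT"] == "N",
        "downstream_impact": any(m[k] != "N" for k in ("SC", "SI", "SA")),
    }

def triage_priority(vector: str) -> str:
    """Rank a finding: pre-auth remote flaws with full impact come first."""
    m = parse_cvss4(vector)
    c = exploit_conditions(m)
    pre_auth_remote = (c["network_reachable"] and c["low_complexity"]
                       and not c["authentication_required"]
                       and not c["victim_interaction_required"])
    full_impact = all(m[k] == "H" for k in ("VC", "VI", "VA"))
    if pre_auth_remote and full_impact:
        return "urgent"
    return "elevated" if pre_auth_remote or full_impact else "routine"

# The vector published for CVE-2026-8326 on this page.
PAGE_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
```

Rejecting out-of-order or incomplete vectors keeps a truncated feed entry from being ranked as if a missing metric were benign.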

How HarborGuard Handles This

Available on HarborGuard: a rebuilt SparkView image at build 1127, with auto-remediation customers receiving an automated rebuild, regression test run, and a PR opened against affected workloads. Median time from CVE publication to merged patch PR for critical-severity issues like this one is around 90 minutes in environments with auto-remediation enabled; for environments where compliance policy blocks auto-merge, the rebuilt image and PR are still staged for manual review, and compensating controls (restricting network reachability to the SparkView service, disabling RDP drive redirection where feasible) are surfaced alongside the finding.

Metrics

  • CVSS v4.0: 10.0
  • Severity: CRITICAL
  • Fixed in: build 1127
  • Affected Products: 1

Fix available: build 1127

Affected packages

  • Remote Spark (https://www.remotespark.com/) / SparkView
    < build 1127 (from 0)

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H