CVE-2026-34352 PUBLISHED

Assigner: mitre
Reserved: 26.03.2026 Published: 26.03.2026 Updated: 27.03.2026

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
CVSS Score: 8.5

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	TigerVNC
Product	TigerVNC
Versions	Default: unaffected affected from 0 to 1.16.2 (excl.)

References

https://www.openwall.com/lists/oss-security/2026/03/26/7
https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI

Problem Types

CWE-732 Incorrect Permission Assignment for Critical Resource CWE