CVE-2026-27182
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
Analysis
Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Saturn Remote Mouse Server and isolate them from untrusted networks; block inbound UDP port 27000 at the firewall perimeter. Within 7 days: Conduct a threat hunt for indicators of compromise on affected systems; implement network segmentation to restrict access to port 27000 to authorized sources only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today