CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Description
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Analysis
TigerVNC x0vncserver versions prior to 1.16.2 expose screen contents to unauthorized local users through incorrect file permissions in Image.cxx, enabling information disclosure, screen manipulation, or denial of service. The vulnerability has CVSS 8.5 (High) with local attack vector requiring no privileges or user interaction, and scope change indicating potential impact beyond the vulnerable component. …
Remediation
Within 24 hours: identify all systems running TigerVNC x0vncserver and document the current version inventory.
Within 7 days: as a temporary control, restrict local system access to trusted administrators only and review file permissions on TigerVNC-related directories.
Within 30 days: upgrade all affected instances to version 1.16.2 or later once the vendor release is confirmed available, and test functionality in a non-production environment before production deployment.
EUVD-2026-16468
GHSA-4vj5-vh2w-8g5j