Which versions of Neat VNC are affected by CVE-2026-42859?

Neat VNC library versions prior to 0.9.6 contain a critical remote code execution vulnerability affecting any VNC server implementation using this library.. A patch is available.

Neat VNC CVE-2026-42859

Q: What is the CVSS score of CVE-2026-42859?

CVE-2026-42859 has a CVSS 4.0 base score of 8.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

Q: How to fix or mitigate CVE-2026-42859?

Within 24 hours: Identify all systems running Neat VNC library versions <0.9.6 using dependency scanning and network asset inventory. Within 7 days: Contact your VNC vendor for patched versions and test updates in non-production environments; apply to version 0.9.6 or later as available. Within 30 days: Complete deployment of patched versions across all production VNC servers; implement network segmentation to restrict VNC access to trusted administrative networks only as interim protection.

EUVD-2026-29167 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-11 GitHub_M

Buffer Overflow Denial Of Service

8.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 11, 2026 - 19:02 EUVD

Source Code Evidence Fetched

May 11, 2026 - 18:46 vuln.today

Analysis Generated

May 11, 2026 - 18:46 vuln.today

CVSS changed

May 11, 2026 - 18:22 NVD

8.1 (HIGH)

CVE Published

May 11, 2026 - 17:36 nvd

HIGH 8.1

DescriptionNVD

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.

AnalysisAI

Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. …

RemediationAI

Within 24 hours: Identify all systems running Neat VNC library versions <0.9.6 using dependency scanning and network asset inventory. Within 7 days: Contact your VNC vendor for patched versions and test updates in non-production environments; apply to version 0.9.6 or later as available. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

CVE-2026-42859 vulnerability details – vuln.today

Back

Neat VNC CVE-2026-42859

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Vendor StatusVendor

Share

Neat VNC CVE-2026-42859

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code