Skip to main content

Remote Spark SparkView CVE-2026-6213

| EUVDEUVD-2026-28542 CRITICAL
Reliance on Untrusted Inputs in a Security Decision (CWE-807)
2026-05-08 NCSC.ch GHSA-m9cx-2hp3-5j6q
10.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 12:15 vuln.today
CVSS changed
May 08, 2026 - 10:22 NVD
10.0 (CRITICAL)
CVE Published
May 08, 2026 - 09:04 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 09:04 nvd
CRITICAL 10.0

DescriptionCVE.org

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker.

AnalysisAI

Remote code execution as root in Remote Spark SparkView before build 1122 allows network attackers to bypass local connection authentication checks and execute arbitrary commands with maximum privileges. CVSS 4.0 assigns the maximum 10.0 score with network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N). The vendor description explicitly warns that depending on implementation, unauthenticated attackers can exploit this flaw. EPSS and KEV data not provided, but the combination of trivial exploitation conditions and root-level impact makes this critical for any organization running affected SparkView builds.

Technical ContextAI

SparkView is a remote desktop/screen sharing solution by Remote Spark. The vulnerability stems from improper enforcement of local connection restrictions (CWE-807: Reliance on Untrusted Inputs in a Security Decision). The application appears to use client-supplied data to determine whether a connection originates locally, which attackers can spoof to bypass authentication intended only for local access. Once bypassed, the attacker gains code execution context with root privileges, indicating the SparkView service runs with elevated permissions on the host system. The CVSS 4.0 vector shows complete compromise across all security objectives (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H), meaning both the vulnerable component and subsequent system are fully compromised.

RemediationAI

Upgrade immediately to Remote Spark SparkView build 1122 or later, as confirmed by the vendor advisory at https://www.remotespark.com/view/new.html. No workarounds are identified in available data. Until patching is complete, implement network-level access controls to restrict SparkView server exposure: bind the service to localhost only if remote access is not required, or restrict inbound connections to specific trusted IP ranges via firewall rules (note this reduces functionality and may not fully mitigate the bypass). For internet-facing deployments where remote access is required, consider placing SparkView behind a VPN or zero-trust network access solution that enforces authentication before network packets reach the vulnerable service, though this adds operational complexity and latency. Disable the SparkView service entirely if not actively required, as the root-level access makes any exposure unacceptable until patched.

Share

CVE-2026-6213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy