Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker.
AnalysisAI
Remote code execution as root in Remote Spark SparkView before build 1122 allows network attackers to bypass local connection authentication checks and execute arbitrary commands with maximum privileges. CVSS 4.0 assigns the maximum 10.0 score with network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N). The vendor description explicitly warns that depending on implementation, unauthenticated attackers can exploit this flaw. EPSS and KEV data not provided, but the combination of trivial exploitation conditions and root-level impact makes this critical for any organization running affected SparkView builds.
Technical ContextAI
SparkView is a remote desktop/screen sharing solution by Remote Spark. The vulnerability stems from improper enforcement of local connection restrictions (CWE-807: Reliance on Untrusted Inputs in a Security Decision). The application appears to use client-supplied data to determine whether a connection originates locally, which attackers can spoof to bypass authentication intended only for local access. Once bypassed, the attacker gains code execution context with root privileges, indicating the SparkView service runs with elevated permissions on the host system. The CVSS 4.0 vector shows complete compromise across all security objectives (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H), meaning both the vulnerable component and subsequent system are fully compromised.
RemediationAI
Upgrade immediately to Remote Spark SparkView build 1122 or later, as confirmed by the vendor advisory at https://www.remotespark.com/view/new.html. No workarounds are identified in available data. Until patching is complete, implement network-level access controls to restrict SparkView server exposure: bind the service to localhost only if remote access is not required, or restrict inbound connections to specific trusted IP ranges via firewall rules (note this reduces functionality and may not fully mitigate the bypass). For internet-facing deployments where remote access is required, consider placing SparkView behind a VPN or zero-trust network access solution that enforces authentication before network packets reach the vulnerable service, though this adds operational complexity and latency. Disable the SparkView service entirely if not actively required, as the root-level access makes any exposure unacceptable until patched.
More in Www Remotespark Com
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28542
GHSA-m9cx-2hp3-5j6q