NoMachine

NoMachine, a remote desktop and access software provider, has a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, but causes complete compromise of confidentiality, integrity, and availability once exploited. The vulnerability does not require user interaction and affects only the targeted system. Security teams should monitor for patches expected by June 6, 2026, and restrict local access privileges on systems running NoMachine until updates are available.