CVE-2026-34352

High · LPE · Updated

Published: 26 March 2026

Modified: 04 June 2026
CVSS Score v3.1: 8.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L)
EPSS Score: 0.0025 (15.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-34352 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in TigerVNC. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Screen Capture (T1113). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2026-34352 is a vulnerability in TigerVNC versions prior to 1.16.2, affecting the Image.cxx component within x0vncserver. It stems from incorrect permissions (CWE-732), enabling unauthorized access to screen contents. The issue carries a CVSS v3.1 base score of 8.5 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L), indicating high severity: a high confidentiality impact, limited integrity and availability impacts, and a changed scope.

Local attackers with unprivileged access can exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation allows them to observe or manipulate the victim's screen contents or trigger an application crash, potentially enabling screen scraping, limited tampering, or denial-of-service against the x0vncserver process.

The issue is fixed in TigerVNC 1.16.2, available via SourceForge downloads. The fixing commit is at https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393, with announcements on the TigerVNC Google Group (https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI) and the OSS-Security mailing list (https://www.openwall.com/lists/oss-security/2026/03/26/7). Security practitioners should prioritize upgrading affected systems.

Vulnerability details

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1113 Screen Capture · Collection
Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation.
Why these techniques?

Incorrect permissions in x0vncserver Image.cxx directly expose screen buffer contents to unprivileged local processes, enabling unauthorized screen scraping/capture without authentication or user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-4480: Shared CWE-732
CVE-2022-50931: Shared CWE-732
CVE-2025-22454: Shared CWE-732
CVE-2026-33430: Shared CWE-732
CVE-2025-26595: Same product: Tigervnc Tigervnc
CVE-2026-23648: Shared CWE-732
CVE-2026-10840: Shared CWE-732
CVE-2020-36938: Shared CWE-732
CVE-2026-26102: Shared CWE-732
CVE-2025-62575: Shared CWE-732

Affected Assets

tigervnc
tigervnc
≤ 1.16.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the specific flaw in Image.cxx by requiring timely patching to TigerVNC 1.16.2, which corrects the incorrect permissions.

Prevent: Enforces system-wide logical access controls to prevent unprivileged local users from observing or manipulating screen contents due to improper permissions.

Prevent: Prevents unauthorized information transfer via shared system resources, such as those mishandled by incorrect permissions in x0vncserver's Image.cxx.

References