CVE-2026-34352
Published: 26 March 2026
Summary
CVE-2026-34352 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in TigerVNC. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Screen Capture (T1113). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).
Deeper analysis
CVE-2026-34352 is a vulnerability in TigerVNC versions prior to 1.16.2, affecting the Image.cxx component within x0vncserver. It stems from incorrect permissions (CWE-732), enabling unauthorized access to screen contents. The issue carries a CVSS v3.1 base score of 8.5 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L): a local attack vector with low complexity, no privileges or user interaction required, a changed scope, high confidentiality impact, and low integrity and availability impact.
Local attackers with unprivileged access can exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation allows them to observe or manipulate the victim's screen contents or trigger an application crash, potentially enabling screen scraping, limited tampering, or denial-of-service against the x0vncserver process.
The issue is fixed in TigerVNC 1.16.2, available via SourceForge downloads. The fixing commit is at https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393, with announcements on the TigerVNC Google Group (https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI) and the OSS-Security mailing list (https://www.openwall.com/lists/oss-security/2026/03/26/7). Security practitioners should prioritize upgrading affected systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16468
Vulnerability details
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Incorrect permissions in x0vncserver Image.cxx directly expose screen buffer contents to unprivileged local processes, enabling unauthorized screen scraping/capture without authentication or user interaction.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the specific flaw in Image.cxx by requiring timely patching to TigerVNC 1.16.2, which corrects the incorrect permissions.
- Enforces system-wide logical access controls to prevent unprivileged local users from observing or manipulating screen contents due to improper permissions.
- Prevents unauthorized information transfer via shared system resources, such as those mishandled by incorrect permissions in x0vncserver's Image.cxx.