Cyber Resilience

CVE-2026-44988

High

Published: 27 May 2026

Published
27 May 2026
Modified
01 June 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0024 15.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-44988 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique VNC (T1021.005); ranked at the 15.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than…

more

2048 pixels. A malicious VNC server can send a crafted FramebufferUpdate rectangle using Tight encoding with NoZlib | ExplicitFilter and the Gradient filter. When a LibVNCClient-based client connects, the client processes the server-controlled rectangle width and writes beyond fixed-size Gradient buffers. This vulnerability is fixed with commit 5b270544b85233668b98161323297d418a8f5fd1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1021.005 VNC Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
Why these techniques?

Buffer overflow in VNC client library directly exploitable by malicious VNC server sending crafted Tight-encoded rectangles.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-49749Shared CWE-787
CVE-2016-20044Shared CWE-787
CVE-2026-41990Shared CWE-787
CVE-2026-33144Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2026-23233Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2025-27169Shared CWE-787
CVE-2019-25705Shared CWE-787
CVE-2024-53697Shared CWE-787

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References