CVE-2026-7830
Published: 01 July 2026
Summary
CVE-2026-7830 is a high-severity Inadequate Encryption Strength (CWE-326) vulnerability in Uvnc (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 8.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-40882
Vulnerability details
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can…
more
be broken by Pollard's rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Weak DH/RNG in MS-Logon II directly enables passive or MITM observers to recover plaintext credentials from observed handshakes.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.
Security associations share details on cryptographically weak PRNGs, helping avoid their implementation in security-critical functions.
Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.
Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.
Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.
Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.