High severity8.4NVD Advisory· Published Feb 18, 2026· Updated Apr 15, 2026

CVE-2026-27182

Description

Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstorm.news/files/id/215835/nvd
www.saturnremote.comnvd
www.vulncheck.com/advisories/saturn-remote-mouse-server-udp-command-injection-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000