High severity8.5NVD Advisory· Published Mar 26, 2026· Updated Jun 4, 2026
CVE-2026-34352
CVE-2026-34352
Description
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28- osv-coords26 versionspkg:rpm/almalinux/tigervncpkg:rpm/almalinux/tigervnc-iconspkg:rpm/almalinux/tigervnc-licensepkg:rpm/almalinux/tigervnc-selinuxpkg:rpm/almalinux/tigervnc-serverpkg:rpm/almalinux/tigervnc-server-minimalpkg:rpm/almalinux/tigervnc-server-modulepkg:rpm/opensuse/tigervnc&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/tigervnc&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/tigervnc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 1.15.0-6.el9_7.1+ 25 more
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.15.0-6.el9_7.1
- (no CPE)range: < 1.13.1-150600.4.3.1
- (no CPE)range: < 1.15.0-160000.3.1
- (no CPE)range: < 1.16.1-2.1
- (no CPE)range: < 1.10.1-150400.7.15.1
- (no CPE)range: < 1.10.1-150400.7.15.1
- (no CPE)range: < 1.12.0-150500.4.3.1
- (no CPE)range: < 1.12.0-150500.4.3.1
- (no CPE)range: < 1.14.1-150700.4.3.1
- (no CPE)range: < 1.14.1-150700.4.3.1
- (no CPE)range: < 1.6.0-22.23.1
- (no CPE)range: < 1.10.1-150400.7.15.1
- (no CPE)range: < 1.12.0-150500.4.3.1
- (no CPE)range: < 1.13.1-150600.4.3.1
- (no CPE)range: < 1.15.0-160000.3.1
- (no CPE)range: < 1.10.1-150400.7.15.1
- (no CPE)range: < 1.12.0-150500.4.3.1
- (no CPE)range: < 1.13.1-150600.4.3.1
- (no CPE)range: < 1.15.0-160000.3.1
- (no CPE)range: < 1.6.0-22.23.1
Patches
Vulnerability mechanics
References
5- github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393nvdPatch
- groups.google.com/g/tigervnc-announce/c/anHL9WLshLInvdMailing ListPatch
- www.openwall.com/lists/oss-security/2026/03/26/7nvdMailing ListThird Party Advisory
- sourceforge.net/projects/tigervnc/files/stable/1.16.2nvdRelease Notes
- github.com/TigerVNC/tigervnc/issues/2079nvd
News mentions
0No linked articles in our index yet.