CVE-2026-8326 | THREATINT

Description

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-29 | Updated 2026-05-29 | Assigner NCSC.ch

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-23 Relative path traversal

Product status

Default status

unaffected

Any version before build 1127

affected

Credits

Manuel Feifel of InfoGuard Labs finder

References

www.remotespark.com/view/new.html release-notes

cve.org (CVE-2026-8326)

nvd.nist.gov (CVE-2026-8326)

Download JSON