CVE-2026-34352

🗓️ 26 Mar 2026 23:16:00Reported by ubuntu.comType

TigerVNC before 1.16.2 lets others view or modify the screen due to improper permissions in x0vncserver Image.cxx.

Reporter	Title	Published	Views	Family All 129
ATTACKERKB	CVE-2026-34352	26 Mar 202622:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1537)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3231 (ALAS-2026-3231)	14 Apr 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0108: tigervnc (ALINUX3-SA-2026:0108)	18 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : tigervnc (ALSA-2026:10739)	30 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : tigervnc (ALSA-2026:13414)	5 May 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2230)	9 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2267)	9 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : tigervnc (EulerOS-SA-2026-2316)	10 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : tigervnc (EulerOS-SA-2026-2359)	10 Jun 202600:00	–	nessus

OS	OS Version	Architecture	Package	Filename
Ubuntu	26.04	any	tigervnc	tigervnc_0_any.deb
Ubuntu	18.04	any	tigervnc	tigervnc_0_any.deb
Ubuntu	20.04	any	tigervnc	tigervnc_0_any.deb
Ubuntu	22.04	any	tigervnc	tigervnc_0_any.deb
Ubuntu	24.04	any	tigervnc	tigervnc_0_any.deb
Ubuntu	25.10	any	tigervnc	tigervnc_0_any.deb

Source	Link
cve	www.cve.org/CVERecord
groups	www.groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
openwall	www.openwall.com/lists/oss-security/2026/03/26/7
github	www.github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
sourceforge	www.sourceforge.net/projects/tigervnc/files/stable/1.16.2

01 Apr 2026 04:14Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.5 - 9.8

EPSS0.00034

SSVC