{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-7839","assignerOrgId":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","state":"PUBLISHED","assignerShortName":"securin","dateReserved":"2026-05-05T07:30:58.064Z","datePublished":"2026-07-01T03:33:27.724Z","dateUpdated":"2026-07-09T04:35:44.027Z"},"containers":{"cna":{"title":"UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access","descriptions":[{"lang":"en","value":"UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string \"adminadmi2\" as the admin password via strcpy_s(saved_password, 64, \"adminadmi2\"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility."}],"affected":[{"vendor":"uvnc","product":"UltraVNC","versions":[{"version":"0","lessThanOrEqual":"1.8.2.2","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected","modules":["repeater"]}],"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-798","lang":"en","description":"Use of Hard-coded Credentials"}]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL"}}],"references":[{"url":"https://uvnc.com/","name":"UltraVNC project page","tags":["vendor-advisory"]},{"url":"https://github.com/ultravnc/UltraVNC","name":"UltraVNC source repository","tags":["product"]},{"url":"https://www.securin.io/zero-days/cve-2026-7839-hardcoded-default-admin-password-adminadmi2-ultravnc-repeater"}],"timeline":[{"time":"2026-06-02T00:00:00.000Z","lang":"en","value":"Vulnerability discovered during security audit"},{"time":"2026-06-17T00:00:00.000Z","lang":"en","value":"Reported to vendor (coordinated disclosure)"},{"time":"2026-09-15T00:00:00.000Z","lang":"en","value":"Planned public disclosure (90-day window)"}],"credits":[{"lang":"en","value":"Arjun Basnet, Securin (arjun.basnet@securin.io)","type":"finder"}],"source":{"discovery":"EXTERNAL","advisory":"Securin Security Advisory — FINDING-006"},"providerMetadata":{"orgId":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","shortName":"securin","dateUpdated":"2026-07-09T04:35:44.027Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-01T12:32:28.823292Z","id":"CVE-2026-7839","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-01T12:32:35.299Z"}}]}}