CVE-2026-50538

unknown
Published 2026-07-02 · Modified —
CVSS v3: —
CVSS v4 NEW: —
not yet in upstream
VIR risk: —

Description

LibVNCServer vulnerability

Predictions

Exploit likelihood: 20%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-50538

Name: CVE-2026-50538
Description: Attacker-controlled heap out-of-bounds write in libvncclient Tight decoder
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1138253

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libvncserver (PTS) | bullseye | 0.9.13+dfsg-2+deb11u1 | vulnerable |
| | bookworm | 0.9.14+dfsg-1+deb12u1 | vulnerable |
| | trixie | 0.9.15+dfsg-1+deb13u1 | vulnerable |
| | forky | 0.9.15+dfsg-5 | vulnerable |
| | sid | 0.9.15+dfsg-6 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libvncserver | source | (unstable) | 0.9.15+dfsg-6 | | | 1138253 |

Notes

[trixie] - libvncserver <no-dsa> (Minor issue)
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-v9pm-47h4-jcq8

OS impact

Debian: Mixed, 5 releases

| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | — |
| sid | Fixed | 0.9.15+dfsg-6 |
| forky | Fixed | 0.9.15+dfsg-6 |
| bullseye | Affected | — |
| bookworm | Affected | — |

Ubuntu: Fixed, 4 releases

| Version | Status | Fixed in |
|---|---|---|
| resolute | Fixed | 0.9.15+dfsg-3ubuntu0.2 |
| questing | Fixed | 0.9.15+dfsg-1ubuntu0.2 |
| noble | Fixed | 0.9.14+dfsg-1ubuntu0.2 |
| jammy | Fixed | 0.9.13+dfsg-3ubuntu0.2 |
