CVE-2026-4962 identifies a security vulnerability in UltraVNC versions 1.6.0 through 1.6.4.0, specifically within the Service component's version.dll library. The issue is an uncontrolled search path vulnerability, where the software improperly handles the loading of DLL files. This flaw allows an attacker with local access and low privileges to influence the DLL search order, potentially causing the system to load a malicious DLL instead of the legitimate one. This can lead to privilege escalation, code execution, or disruption of service. The attack complexity is high, requiring local access and no user interaction, making remote exploitation infeasible without prior compromise. The CVSS 4.0 base score is 7.3, reflecting high severity due to the potential impact on confidentiality, integrity, and availability, combined with the difficulty of exploitation. The vulnerability was responsibly disclosed to the vendor, who has not responded or issued a patch. Public exploits exist, increasing the risk of targeted attacks. No mitigations or patches have been officially released, leaving affected systems exposed. Organizations relying on UltraVNC for remote desktop services should be aware of this risk and take immediate protective measures.

The vulnerability poses a significant risk to organizations using UltraVNC for remote desktop access, especially in environments where local user accounts have limited privileges but access to the affected systems. Successful exploitation can lead to unauthorized code execution with elevated privileges, potentially allowing attackers to install malware, exfiltrate sensitive data, or disrupt services. The uncontrolled search path can be leveraged to load malicious DLLs, compromising system integrity and confidentiality. Although exploitation requires local access and is complex, the availability of public exploits increases the likelihood of targeted attacks, especially in environments with many users or shared workstations. The lack of vendor response and patches prolongs exposure, increasing the window of opportunity for attackers. Organizations with critical infrastructure or sensitive data accessed via UltraVNC are at higher risk, as attackers could leverage this vulnerability to gain footholds or escalate privileges within networks.

1. Restrict local access to systems running affected UltraVNC versions by enforcing strict access controls and limiting user privileges. 2. Implement application whitelisting and DLL load monitoring to detect and prevent unauthorized DLL injections or loads. 3. Use endpoint detection and response (EDR) tools to monitor for suspicious behaviors related to DLL hijacking or privilege escalation attempts. 4. Consider disabling or uninstalling UltraVNC on systems where it is not essential, or replace it with alternative remote access solutions that are actively maintained and patched. 5. Isolate systems running UltraVNC in segmented network zones to limit lateral movement if compromise occurs. 6. Regularly audit and review local user accounts and permissions to minimize the attack surface. 7. Stay alert for vendor updates or community patches and apply them promptly once available. 8. Educate users about the risks of local exploitation and enforce policies to prevent unauthorized software installations or modifications.