CVE-2026-8326

Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

CVSS 10 CRITICALEPSS 0.4%CWE-23

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 10EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Remote Spark (https://www.remotespark.com/) · SparkView

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.remotespark.com/view/new.html