← volver
CVE-2026-8326

Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

CVSS 10 CRITICALEPSS 0.4%CWE-23
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 10EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
Remote Spark (https://www.remotespark.com/) · SparkView

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.remotespark.com/view/new.html