Description
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
References (3)
Core 3
Core References
Various Sources exploit
https://packetstorm.news/files/id/215835/
Various Sources product
https://www.saturnremote.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/saturn-remote-mouse-server-udp-command-injection-rce
Scores
CVSS v3
8.4
EPSS
0.0121
EPSS Percentile
64.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
saturnremote/Saturn Remote Mouse Server
Published
Feb 18, 2026
Tracked Since
Feb 19, 2026