CVE-2026-32854

HIGH

LibVNCServer httpd proxy NULL Pointer Dereference

Title source: cna

Description

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.

References (3)

[Vendor Advisory] https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x

[Patch] https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference

Scores

CVSS v3 7.5

EPSS 0.0158

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (3)

LibVNC/LibVNCServer < 0.9.15

LibVNC/LibVNCServer dc78dee51a7e270e537a541a17befdf2073f5314

libvncserver_project/libvncserver < 0.9.15

Published Mar 24, 2026

Tracked Since Mar 24, 2026