CVE-2026-8326
CWE-23Published: May 29, 2026· Updated: May 29, 2026
Official Description
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.
This issue affects SparkView: before build 1127.
Risk Analysis
This critical vulnerability in Remote Spark's SparkView, specifically affecting versions before build 1127, allows for path traversal through RDP drive redirection. This flaw enables an attacker to read and write arbitrary files as root, leading to remote code execution. With a CVSS score of 10.0, this presents an extremely severe risk.
No public exploit is currently known for this vulnerability. Depending on the implementation, it can be exploited by an unauthenticated attacker, making it remotely exploitable with low complexity.
Users of SparkView should upgrade to build 1127 or newer to address this path traversal vulnerability. Implement strict validation and sanitization of file paths and user input, especially in features involving file system access or redirection.
Technical Analysis
CVE-2026-8326 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-23)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-8326 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts