HOMEVULNERABILITIESCVE-2026-8326
CRITICAL

CVE-2026-8326

CWE-23Published: May 29, 2026· Updated: May 29, 2026

10.0
CVSS v3.1
EPSS:0.09%probability of exploitation in 30 daysPercentile:25.9th

Official Description

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.

This issue affects SparkView: before build 1127.

NVD Source

Risk Analysis

This critical vulnerability in Remote Spark's SparkView, specifically affecting versions before build 1127, allows for path traversal through RDP drive redirection. This flaw enables an attacker to read and write arbitrary files as root, leading to remote code execution. With a CVSS score of 10.0, this presents an extremely severe risk.

No public exploit is currently known for this vulnerability. Depending on the implementation, it can be exploited by an unauthenticated attacker, making it remotely exploitable with low complexity.

Recommended Action

Users of SparkView should upgrade to build 1127 or newer to address this path traversal vulnerability. Implement strict validation and sanitization of file paths and user input, especially in features involving file system access or redirection.

Generated by the CTIWATCH analysis pipeline from this CVE's metadata (CVSS, EPSS, KEV status, exploit intelligence). Verify against vendor advisories before acting.

Technical Analysis

CVE-2026-8326 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeX
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (1)

Quick Facts

CVE IDCVE-2026-8326
CVSS Score10.0 / 10
SeverityCRITICAL
WeaknessCWE-23
CISA KEVNo
EPSS (30d)0.09%
PublishedMay 29, 2026

Related CVEs (CWE-23)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-8326 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.