CVE 10 CRITICAL

Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE_CVE-2026-8326

May 29, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.

This issue affects SparkView: before build 1127.

AI Analysis

Path traversal vulnerability allowing arbitrary file read/write as root, leading to RCE

Basic Information

ID CVE-2026-8326

Source NCSC.ch

Published May 29, 2026 at 11:47

Modified May 29, 2026 at 13:34

Affected Product

Vendor Remote Spark

Product SparkView

Version before build 1127

Affected Versions Remote Spark (https://www.remotespark.com/) SparkView 0

CWE Classification

CWE-23

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Remote Spark

Product SparkView

Version before build 1127

References

www.remotespark.com /view/new.html

{
    "lastseen": "",
    "description": "Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.\n\nThis issue affects SparkView: before build 1127.",
    "published": "2026-05-29T11:47:02.652Z",
    "modified": "2026-05-29T13:34:00.474Z",
    "type": "cve",
    "title": "Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE",
    "source": "NCSC.ch",
    "references": "https://www.remotespark.com/view/new.html",
    "id": "CVE-2026-8326",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Remote Spark (https://www.remotespark.com/) SparkView 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SparkView",
    "version": "before build 1127",
    "vendor": "Remote Spark",
    "ai_description": "Path traversal vulnerability allowing arbitrary file read/write as root, leading to RCE",
    "ai_severity": "Critical",
    "ai_vendor": "Remote Spark",
    "ai_product": "SparkView",
    "ai_version": "before build 1127",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply