CVE-2026-8326

Summary

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.

This issue affects SparkView: before build 1127.

Affected Software

VendorProductVersion RangeStatus
Remote Spark (https://www.remotespark.com/)SparkView0 < build 1127affected

Weaknesses

  • CWE-23: CWE-23 Relative path traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References