PULSE
EN VIVO18señales / 24h
FEED
ransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Services
← Todos los CVEs
CVE Watch17 jul 2026

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager before 9.1.9 and 8.x b

CVSS

7.2

Alto

EPSS

KEV

Exploit Today

0

0-100

Publicado: 17 jul 2026 · Última mod.: 17 jul 2026 · CWE-362

EPSS · 30d

Sin historial EPSS suficiente todavía.

Descripción técnica

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 (PVE 9.x) and before 5.3.4 (PVE 8.x) allows an attacker with privileges to call "vncproxy" to hijack a VNC session that is established in parallel by a different user for a different VM.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2022-250908.1 ALT
95.4%
29Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.9d
CVE-2026-506677.8 ALT
80.1%
24Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.2d
CVE-2026-59477.5 ALT
69.2%
21Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.3d
CVE-2026-561889.8 CRÍ
58.8%
18Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.3d
CVE-2026-503698.8 ALT
47.1%
14Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.2d
CVE-2026-566495.9 MED
46.6%
14Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.9h