Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-51082

UNKNOWN NVD
CVSS Score 0
Severity UNKNOWN
Published Jul 17, 2026
Vendor unknown

Description

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker with privileges to call "vncproxy" to hijack a VNC session that is established in parallel by a different user for a different VM.

References