Remote Spark SparkView
- Affected builds: < 1127
A path traversal vulnerability has been identified in Remote Spark's SparkView component in builds prior to 1127. It allows an attacker to read and write arbitrary files in any directory with root privileges, ultimately leading to remote code execution. The issue arises within the RDP drive redirection feature and, depending on the implementation, can be exploited by an unauthenticated attacker.
Exploitation of this vulnerability could result in unauthorized access to the file system, allowing an attacker to read or write files as the root user. This could be leveraged to execute malicious code on the server.
Users can update to SparkView build 1127 or later, where this vulnerability has been addressed.