UltraVNC CVE applicability assessment
Overview
Recently, Common Vulnerabilities and Exposures (CVEs) were disclosed affecting UltraVNC, a third-party component Datto RMM uses for VNC-based remote control. This article covers Kaseya's response efforts, assessment of why these CVEs are not and were not exploitable in the Generally available configuration of Datto RMM as shipped, and Guidance to customers on next steps.
Background
Datto RMM previously bundled UltraVNC version 1.3.8.1. Six CVEs were disclosed against UltraVNC versions up to and including 1.8.2.2:
- CVE-2026-7829
- CVE-2026-7830
- CVE-2026-7831
- CVE-2026-7838
- CVE-2026-7839
- CVE-2026-7840
The version Datto RMM shipped fell within the affected range. In response, Datto RMM has updated the bundled component to UltraVNC 1.8.2.4, the current release, which resolves all of the above.
Assessment
Beyond updating the version, Datto RMM reviewed each CVE against how it implements UltraVNC. The CVEs fall into three groups:
| CVEs | Vulnerability type | Exploitable as shipped? |
|---|---|---|
| CVE-2026-7829, CVE-2026-7839, CVE-2026-7840 | Affects the UltraVNC Repeater component | No. Datto RMM does not install, invoke, or expose the Repeater component. |
| CVE-2026-7831, CVE-2026-7838 | Require a malicious or compromised VNC server configuration | No. Datto RMM does not invoke a standalone VNC viewer client, and connections are brokered entirely through the managed agent. |
| CVE-2026-7830 | Man-in-the-middle risk tied to the MS-Logon II protocol | No. Datto RMM does not negotiate or support MS-Logon II, and the VNC connection is limited to localhost, brokered through the agent rather than exposed over the network. |
Based on this review, Kaseya has determined that none of the six CVEs are exploitable in Datto RMM's implementation as deployed. However, out of an abundance of caution, Datto RMM updated the component to prevent the spread of vulnerable versions among our customer base, and prevent any potential downstream impact to customers leveraging this feature of Datto RMM.
Resolution steps taken in Datto RMM
Datto RMM replaced the bundled UltraVNC binaries with version 1.8.2.4 across all Datto RMM platforms. Because UltraVNC is delivered as a separate downloadable package rather than compiled into the agent, Datto RMM rolled out this update automatically to any account with the VNC integration enabled, without requiring a new agent release.
How to verify your version
On a managed device, check the .versionstamp file located at C:\Program Files (x86)\CentraStage\UltraVNC. It should read 1.8.2.4. If it doesn't, allow time for your device's next scheduled check-in, restart the Datto RMM Agent manually, or contact Support.
Recommended action
No action is required. If you previously disabled the VNC integration as a precaution, it's safe to re-enable it. Refer to Enable the VNC Integration
Related resources
Release Notes: UltraVNC Component update