← Back to CVEs
CVE-2026-27182
HIGH8.4
Description
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
CVE Details
CVSS v3.1 Score8.4
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/18/2026
Last Modified2/19/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-306
References
https://packetstorm.news/files/id/215835/(disclosure@vulncheck.com)
https://www.saturnremote.com/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/saturn-remote-mouse-server-udp-command-injection-rce(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.