CVE-2025-26326

Summary

CVE-2025-26326 is a vulnerability affecting the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) add-ons. This issue allows unauthorized access to remote systems through weak passwords. The add-ons accept any password entered by the user without an additional authentication or verification mechanism, making it easy for attackers to guess passwords and gain total control. Tests reveal over 1,000 systems with weak passwords, increasing the risk of brute force attacks. Exploitation of this vulnerability grants the attacker full access to the affected system, enabling them to execute commands, modify files, and compromise user security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.