Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
Saturn Remote Mouse Server allows malicious packets to run arbitrary commands
CVE-2026-27182
Summary
An attacker on the same network can send a special type of packet to the Saturn Remote Mouse Server, which can then run any command on the server. This means an attacker can potentially take control of the server. To prevent this, update the Saturn Remote Mouse Server to a patched version or configure the server to only accept packets from trusted sources.
Original title
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000....
Original description
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the service forwards directly to OS execution functions, enabling remote code execution under the service account.
nvd CVSS3.1
8.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026