CVE-2026-6213
Deferred Deferred - Pending Action
Remote Spark SparkView Local Connection Bypass Leading to Root Code Execution

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: Switzerland Government Common Vulnerability Program

Description
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-6213
EUVD
EUVD-2026-28542
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
remote_spark sparkview to 1122 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-807 The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Remote Spark SparkView versions before build 1122. It allows an attacker to bypass the local connection check, which normally restricts access. By exploiting this flaw, the attacker can execute arbitrary code with root privileges on the server side. Depending on how the system is implemented, the attacker may not need to be authenticated to exploit this vulnerability.

Impact Analysis

The impact of this vulnerability is severe because it allows an attacker to gain root-level access to the server running Remote Spark SparkView. This means the attacker can execute any code they choose, potentially leading to full system compromise, data theft, data destruction, or disruption of services. Since exploitation may not require authentication, the risk of unauthorized access is high.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6213. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart