CVE-2026-6213
Remote Spark SparkView Local Connection Bypass Leading to Root Code Execution
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| remote_spark | sparkview | to 1122 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
| CWE-807 | The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Remote Spark SparkView versions before build 1122. It allows an attacker to bypass the local connection check, which normally restricts access. By exploiting this flaw, the attacker can execute arbitrary code with root privileges on the server side. Depending on how the system is implemented, the attacker may not need to be authenticated to exploit this vulnerability.
How can this vulnerability impact me? :
The impact of this vulnerability is severe because it allows an attacker to gain root-level access to the server running Remote Spark SparkView. This means the attacker can execute any code they choose, potentially leading to full system compromise, data theft, data destruction, or disruption of services. Since exploitation may not require authentication, the risk of unauthorized access is high.