Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-2168

NIXPKGS-2026-2168
published 6 hours ago
AnyDesk Support Information Link Following Denial-of-Service Vulnerability
Permalink CVE-2026-15682
4.7 MEDIUM
  • CVSS version (CVSS): 3.0
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
AnyDesk Support Information Link Following Denial-of-Service Vulnerability

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Send Support Information feature. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26645.

References

Affected products

AnyDesk
  • ==9.0.4

Matching in nixpkgs

pkgs.anydesk

Desktop sharing application, providing remote support and online meetings

Package maintainers