AnyDesk
CVE-2026-15682
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local access and precise junction race-window timing required (AV:L/AC:H/PR:L); impact confined to availability via service file corruption, no confidentiality or integrity effect.
Primary rating from Vendor (zdi).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionNVD
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Send Support Information feature. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26645.
AnalysisAI
AnyDesk's 'Send Support Information' feature is exploitable by local low-privileged attackers via a Windows junction (directory reparse point) attack that forces the AnyDesk service to write files to an attacker-chosen path, producing a denial-of-service condition. Affected installations span all tracked AnyDesk versions per the NVD CPE wildcard, with no confirmed fixed version at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker has already obtained the ability to execute low-privileged code on the target system - the CVSS vector AV:L confirms that remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 base score of 4.7 (Medium) with vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H is internally consistent with the description: attack is local-only, requires low but non-zero privilege, and succeeds only under high complexity conditions (precise junction timing before path resolution). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged local user on a Windows endpoint running AnyDesk identifies the temporary output directory used by the 'Send Support Information' export function. Before the AnyDesk service resolves and writes to that path, the attacker deletes the directory and replaces it with a Windows junction pointing to a sensitive system or application directory. … |
| Remediation | No vendor-released patch has been confirmed from available data; the fixed version is not specified in the NVD CPE entry or the ZDI advisory reference (https://www.zerodayinitiative.com/advisories/ZDI-26-401/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYS
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerabilit
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Cha
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate cli
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. Rated high severity (CVSS 7.8),
AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
Denial-of-service in AnyDesk allows a local attacker with low-privileged code execution to crash or destabilize the appl
AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low
An issue was discovered in AnyDesk through 9.0.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allShare
External POC / Exploit Code
Leaving vuln.today