Skip to main content

AnyDesk CVE-2026-15682

MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-07-13 zdi
5.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (zdi) PRIMARY
MEDIUM
qualitative
NVD
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Local access and precise junction race-window timing required (AV:L/AC:H/PR:L); impact confined to availability via service file corruption, no confidentiality or integrity effect.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
CVSS changed
Jul 14, 2026 - 21:07 NVD
4.7 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
Jul 13, 2026 - 22:13 vuln.today

DescriptionNVD

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Send Support Information feature. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26645.

AnalysisAI

AnyDesk's 'Send Support Information' feature is exploitable by local low-privileged attackers via a Windows junction (directory reparse point) attack that forces the AnyDesk service to write files to an attacker-chosen path, producing a denial-of-service condition. Affected installations span all tracked AnyDesk versions per the NVD CPE wildcard, with no confirmed fixed version at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain low-privileged local shell
Delivery
Identify AnyDesk support info output path
Exploit
Remove target directory, place junction to sensitive path
Install
Trigger Send Support Information export
C2
AnyDesk service writes through junction to attacker-chosen target
Execute
Corrupt target directory or files
Impact
Cause denial-of-service condition

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker has already obtained the ability to execute low-privileged code on the target system - the CVSS vector AV:L confirms that remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 base score of 4.7 (Medium) with vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H is internally consistent with the description: attack is local-only, requires low but non-zero privilege, and succeeds only under high complexity conditions (precise junction timing before path resolution). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user on a Windows endpoint running AnyDesk identifies the temporary output directory used by the 'Send Support Information' export function. Before the AnyDesk service resolves and writes to that path, the attacker deletes the directory and replaces it with a Windows junction pointing to a sensitive system or application directory. …
Remediation No vendor-released patch has been confirmed from available data; the fixed version is not specified in the NVD CPE entry or the ZDI advisory reference (https://www.zerodayinitiative.com/advisories/ZDI-26-401/). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2020-13160 CRITICAL POC
9.8 Jun 09

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut

CVE-2016-20094 HIGH POC
8.5 Jun 19

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYS

CVE-2019-25261 HIGH POC
7.8 Feb 03

Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables

CVE-2022-32450 HIGH POC
7.1 Jul 18

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own

CVE-2017-14397 CRITICAL
9.8 Sep 12

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2021-40854 HIGH
7.8 Oct 14

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Cha

CVE-2020-27614 HIGH
7.8 Dec 09

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate cli

CVE-2018-13102 HIGH
7.8 Jul 03

AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. Rated high severity (CVSS 7.8),

CVE-2023-26509 HIGH
7.5 Jul 03

AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2026-15681 MEDIUM
5.5 Jul 13

Denial-of-service in AnyDesk allows a local attacker with low-privileged code execution to crash or destabilize the appl

CVE-2024-12754 MEDIUM
5.5 Dec 30

AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low

CVE-2025-27919 HIGH POC
8.2 Nov 06

An issue was discovered in AnyDesk through 9.0.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit

Share

CVE-2026-15682 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy