Is Deskflow affected by CVE-2026-41477?

Deskflow versions up to 1.20.0 (stable) and 1.26.0.134 (continuous) contain a local privilege escalation vulnerability that allows any low-privilege Windows user to execute arbitrary commands as SYSTEM through an improperly secured inter-process communication channel.

Deskflow CVE-2026-41477

EUVD-2026-25623 HIGH

Missing Authentication for Critical Function (CWE-306)

2026-04-24 GitHub_M

Authentication Bypass Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

Analysis Generated

Apr 24, 2026 - 20:31 vuln.today

DescriptionNVD

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease.

AnalysisAI

Local privilege escalation in Deskflow (all versions up to 1.20.0 stable and 1.26.0.134 continuous) allows any low-privilege Windows user to execute arbitrary commands as SYSTEM by accessing an unauthenticated IPC named pipe. The daemon runs with SYSTEM privileges and processes commands without validating caller identity due to WorldAccessOption configuration. …

RemediationAI

Within 24 hours: Identify all Windows systems running Deskflow versions ≤1.20.0 stable or ≤1.26.0.134 continuous via asset inventory and disable Deskflow services until patching is possible. Within 7 days: Monitor vendor advisory channels (Deskflow GitHub releases and security advisories) for patch availability; test patch in isolated environment immediately upon release. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-6920 CRITICAL Act Now

9.6 Apr 23

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromi

CVE-2026-6919 CRITICAL Act Now

9.6 Apr 23

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the re

CVE-2026-41196 CRITICAL Act Now

9.0 Apr 23

Remote code execution in Luanti 5.0.0 through 5.15.1 allows authenticated attackers to escape the Lua sandbox via malici

CVE-2026-6921 HIGH This Week

8.3 Apr 23

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandb

CVE-2026-41323 HIGH This Week

8.1 Apr 24

Kyverno's apiCall feature automatically attaches the admission controller's ServiceAccount token to HTTP requests withou

Vendor StatusVendor

CVE-2026-41477 vulnerability details – vuln.today

Back

Deskflow CVE-2026-41477

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code