Dde Control Center

1 CVEs product


CVE-2026-35207 MEDIUM This Month

Man-in-the-middle attackers can intercept unverified TLS connections in dde-control-center versions prior to 6.1.80 and 5.9.9, allowing replacement of user avatar images fetched from openapi.deepin.com with malicious or misleading content, potentially enabling user identification or social engineering attacks. The vulnerability stems from disabled TLS certificate verification in the plugin-deepinid component and requires no authentication but does require user interaction to trigger avatar fetches.

Information Disclosure Dde Control Center Deepin Deepinid Plugin
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%
