{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41477", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-20T16:14:19.005Z", "datePublished": "2026-04-24T19:50:21.665Z", "dateUpdated": "2026-04-28T03:55:30.305Z"}, "containers": {"cna": {"title": "Deskflow: Local privilege escalation via unauthenticated IPC", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c"}], "affected": [{"vendor": "deskflow", "product": "deskflow", "versions": [{"version": "<= 1.26.0.134", "status": "affected"}, {"version": "<= 1.20.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T19:50:21.665Z"}, "descriptions": [{"lang": "en", "value": "Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease."}], "source": {"advisory": "GHSA-6rx5-g478-775c", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-41477"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T03:55:30.305Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41477", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T13:10:50.798455Z"}}}], "references": [{"url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:10:51.937Z"}}], "cna": {"title": "Deskflow: Local privilege escalation via unauthenticated IPC", "source": {"advisory": "GHSA-6rx5-g478-775c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "deskflow", "product": "deskflow", "versions": [{"status": "affected", "version": "<= 1.26.0.134"}, {"status": "affected", "version": "<= 1.20.0"}]}], "references": [{"url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c", "name": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T19:50:21.665Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41477", "state": "PUBLISHED", "dateUpdated": "2026-04-28T03:55:30.305Z", "dateReserved": "2026-04-20T16:14:19.005Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T19:50:21.665Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deskflow:deskflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA59EEDC-F617-4625-8FA1-984C5E462436", "versionEndIncluding": "1.26.0.161", "versionStartIncluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease."}], "id": "CVE-2026-41477", "lastModified": "2026-04-28T15:46:28.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T20:16:28.340", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.26.0.134]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.20.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "deskflow", "source": "cna", "vendor": "deskflow"}, "product": "deskflow", "vendor": "deskflow"}], "analysis": {"en": {"generated_at": "2026-04-28T05:45:38.678536+00:00", "value": {"mitigation_remediation": ["Update Deskflow to a version that removes world\u2011accessible IPC or applies the vendor\u2019s patch.", "Reconfigure the Deskflow daemon to require authentication before accepting commands, or disable the IPC service altogether if it is not needed.", "As an interim workaround, restrict the named pipe permissions to allow only the Deskflow process or trusted administrators, or use a firewall rule to block local connections to the pipe."], "summary": {"action": "Immediate Patch", "impact": "Local privilege escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Deskflow application by Deskflow:deskflow. Versions 1.20.0, 1.26.0.134, and all earlier releases are impacted. Both the stable 1.20.0 release and the continuous 1.26.0.134 prerelease series contain the flaw.", "description_and_impact": "Deskflow is a keyboard and mouse sharing application that runs its daemon with SYSTEM privileges. In versions 1.20.0, 1.26.0.134 and earlier the daemon exposes an IPC named pipe that is world\u2011accessible. Because the daemon accepts privileged commands without authentication, any local unprivileged user can interact with that pipe and cause the daemon to execute arbitrary commands as SYSTEM. This flaw permits local privilege escalation and compromise of the host with full administrative rights.", "risk_and_exploitability": "With a CVSS score of 7.8 the flaw is considered high severity. The EPSS score of less than 1% indicates a low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local unprivileged user on the same machine; the attacker would send a crafted request to the world\u2011accessible named pipe to trigger privileged commands. No network exposure is required, and no special privileges are needed beyond local user access. The attack vector is local, and the critical weakness lies in the lack of authentication and authorization for the IPC interface."}}}}, "created": "2026-04-27T20:20:37.738174+00:00", "updated": "2026-04-28T06:00:09.573455+00:00", "vendors": ["deskflow", "deskflow$PRODUCT$deskflow"]}