The specific flaw exists within the handling of screen recording files. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26591.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-26-400/ |
|
Tue, 14 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Anydesk
Anydesk anydesk |
|
| Vendors & Products |
Anydesk
Anydesk anydesk |
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of screen recording files. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26591. | |
| Title | AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability | |
| Weaknesses | CWE-59 | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: zdi
Published:
Updated: 2026-07-14T12:48:29.853Z
Reserved: 2026-07-13T21:29:16.312Z
Link: CVE-2026-15681
Updated: 2026-07-14T12:48:25.823Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T13:00:04Z