CVE-2026-41477 — HIGH (7.8)

Q: How severe is CVE-2026-41477?

CVE-2026-41477 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-41477?

Check the references section above for vendor advisories and patch information. Affected products include: Deskflow Deskflow.

Vulnerability Description

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Deskflow	Deskflow	>= 1.20.0, <= 1.26.0.161

Related Weaknesses (CWE)

CWE-306 CWE-862

References

https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775cExploitPatchVendor Advisory
https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775cExploitPatchVendor Advisory

FAQ

What is CVE-2026-41477?

CVE-2026-41477 is a vulnerability with a CVSS score of 7.8 (HIGH). Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes pri...

How severe is CVE-2026-41477?

CVE-2026-41477 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-41477?

Check the references section above for vendor advisories and patch information. Affected products include: Deskflow Deskflow.