Vulnerability in Deskflow Keyboard and Mouse Sharing Application
CVE-2026-41477

7.8HIGH

Key Information:

Vendor: Deskflow
Status: Deskflow
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-41477?

Deskflow, a popular application for sharing keyboard and mouse functionalities, has an Improper Access Control vulnerability that exposes its daemon with WorldAccessOption enabled. Found in versions 1.20.0, 1.26.0.134, and earlier, this flaw allows local unprivileged users to send privileged commands. The daemon runs as SYSTEM, granting these attackers the ability to execute arbitrary commands without any authentication, potentially leading to serious security breaches.

Affected Version(s)

deskflow <= 1.26.0.134 <= 1.26.0.134

deskflow <= 1.20.0 <= 1.20.0

References

https://github.com/deskflow/deskflow/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Apr 20, 2026

CVE-2026-41477 Data

JSON