Remote Denial of Service Vulnerability in Deskflow by Deskflow
CVE-2026-44296

7.5HIGH

Key Information:

Vendor: Deskflow
Status: Deskflow
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-44296?

Deskflow, a popular keyboard and mouse sharing application, is susceptible to a remote, unauthenticated denial of service attack in versions prior to 1.26.0.167. When a malformed TCP connection attempts to establish a TLS handshake with the server, it leads to a blocking operation that stalls the handling of input for all connected clients. This disruption can impact the usability of the application significantly, as attackers can exploit this vulnerability to prevent input delivery by continually sending invalid handshake requests. The issue has been addressed in version 1.26.0.167, which mitigates this vulnerability effectively.

Affected Version(s)

deskflow < 1.26.0.167

References

https://github.com/deskflow/deskflow/security/advisories/...

x_refsource_CONFIRM

https://github.com/deskflow/deskflow/commit/329783490bd16...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44296 Data

JSON