What is CVE-2026-41477?

CVE-2026-41477 is a high-severity vulnerability in Deskflow, classified under Missing Authentication for Critical Function. CVSS score: 7.8/10. Published 2026-04-24.

How severe is CVE-2026-41477?

High severity. CVSS v3 base score is 7.8 out of 10.

Auth bypass in Deskflow

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication…

Vulnerability class: Broken Authentication

EPSS: 0.000 (0.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Deskflow — versions <= 1.26.0.134, <= 1.20.0

Weakness classification (CWE)

References

https://github.com/deskflow/deskflow/security/advisories/GHSA-6rx5-g478-775c (x_refsource_CONFIRM, Exploit, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-41477?: CVE-2026-41477 is a high-severity vulnerability in Deskflow, classified under Missing Authentication for Critical Function. CVSS score: 7.8/10. Published 2026-04-24.
How severe is CVE-2026-41477?: High severity. CVSS v3 base score is 7.8 out of 10.