CyberSecurityNews

AnyDesk 0-Day Vulnerability Lets Attackers Trigger Denial-of-Service


A newly disclosed zero-day flaw in AnyDesk, tracked as CVE-2026-15682, allows local attackers to crash affected installations by abusing a core support feature, raising fresh concerns for organizations relying on the remote desktop tool for IT support and access management.

The vulnerability resides in AnyDesk’s Send Support Information feature, which is designed to help users share diagnostic data with support teams during troubleshooting sessions.

By creating a junction, a type of filesystem reparse point that redirects file operations, an attacker can trick the AnyDesk service into writing arbitrary files outside their intended location.

This file-write abuse ultimately causes the application or system to enter a denial-of-service (DoS) state, disrupting normal operation for legitimate users.

AnyDesk 0-Day Vulnerability

This flaw follows a pattern seen in earlier AnyDesk security issues, where filesystem manipulation techniques like symbolic links and reparse points were exploited to bypass access controls during session-related operations.

AnyDesk has previously dealt with vulnerabilities involving similar mechanisms, including a 2024 flaw where wallpaper handling and reparse points enabled privilege escalation rather than just service disruption.

According to the Zero Day Initiative advisory, the exploitation is not remote out of the box; an attacker must first gain the ability to execute low-privileged code on the target machine before triggering the junction-based file creation attack.

This local-access prerequisite lowers the overall risk compared to remotely exploitable flaws, but it remains dangerous in shared, multi-user, or already partially compromised environments where low-privilege footholds are common.

Denial-of-service flaws in remote access software are especially disruptive for IT help desks and managed service providers that depend on tools like AnyDesk for continuous remote support.

Given AnyDesk’s history of security incidents, including the 2024 production system breach that led to certificate revocations and forced updates, security teams are advised to treat any newly disclosed AnyDesk flaw with urgency.

Organizations should monitor official AnyDesk security advisories for a patch addressing this junction-based file-write issue and restrict local low-privilege access wherever remote desktop software is deployed.

Until a fix is confirmed, limiting who can execute code on systems running AnyDesk and monitoring for unusual junction or reparse point creation can reduce exposure to this denial-of-service vector.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.



Source link