PatchSiren cyber security CVE debrief
CVE-2026-15682 AnyDesk CVE debrief
CVE-2026-15682 is a denial-of-service vulnerability in AnyDesk's support information feature. Local attackers with low-privileged code execution can exploit it by creating a junction to create arbitrary files, leading to a denial-of-service condition. This vulnerability requires an attacker to first obtain the ability to execute low-privileged code on the target system. Users should be aware of the potential impact and ensure they are running a version that has addressed this issue.
- Vendor
- AnyDesk
- Product
- Unknown
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of AnyDesk should be aware of this vulnerability and ensure they are running a version that has addressed this issue. This vulnerability may impact organizations that use AnyDesk for remote support or other purposes. Operators, platform administrators, and security teams should review the affected scope and take necessary actions to mitigate the vulnerability.
Technical summary
The vulnerability exists within the Send Support Information feature of AnyDesk. An attacker can leverage this vulnerability to create a denial-of-service condition on the system by creating a junction and abusing the service to create arbitrary files. This requires the attacker to first obtain the ability to execute low-privileged code on the target system. The CVSS score for this vulnerability is 4.7, indicating a medium severity.
Defensive priority
Medium priority due to the CVSS score of 4.7 and the requirement for local, low-privileged code execution.
Recommended defensive actions
- Inventory and verify the version of AnyDesk installed on all systems.
- Apply the vendor's remediation for this vulnerability.
- Implement compensating controls such as monitoring for suspicious activity related to the AnyDesk service.
- Consider restricting access to the AnyDesk service to only those who require it.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-13T22:16:45.630Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific affected versions of AnyDesk or the exact steps to exploit this vulnerability. Defenders should verify the affected scope and take necessary actions to mitigate the vulnerability.
Official resources
-
CVE-2026-15682 CVE record
CVE.org
-
CVE-2026-15682 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:45.630Z and has not been modified since then. The NVD entry is currently in the 'Received' status.