AnyDesk Zero-Day Vulnerability Enables Denial-of-Service Attacks

A recently disclosed zero-day vulnerability in AnyDesk, identified as CVE-2026-15682, allows local attackers to induce a denial-of-service (DoS) condition by exploiting the application’s Send Support Information feature. This flaw raises significant concerns for organizations that rely on AnyDesk for remote desktop access and IT support.

The vulnerability stems from the misuse of the Send Support Information function, which is intended to assist users in sharing diagnostic data with support teams. Attackers can create a junction—a type of filesystem reparse point that redirects file operations—to manipulate the AnyDesk service into writing files to unintended locations. This manipulation can disrupt normal operations, leading to a DoS state that affects legitimate users.

Technical Details and Exploitation

To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system. Once this access is obtained, the attacker can create a junction to redirect file operations, causing the AnyDesk service to create arbitrary files. This action disrupts the application’s functionality, resulting in a denial-of-service condition. Notably, this vulnerability does not impact the confidentiality or integrity of data but can significantly affect system availability.

The Zero Day Initiative (ZDI) has assigned a CVSS score of 4.7 to this vulnerability, indicating a medium severity level. Despite multiple attempts to contact the vendor, no fix or detailed response has been provided, leading to the public disclosure of this advisory. As of now, no specific versions or patches have been identified to address this issue.

Mitigation Recommendations

In the absence of an official fix, organizations are advised to restrict interaction with the AnyDesk application to trusted users and environments. Limiting local low-privilege access can help prevent potential exploitation. Additionally, monitoring for unusual junction or reparse point creation can aid in early detection of exploitation attempts. It is crucial to stay updated with official AnyDesk security advisories for any future patches or remediation guidance.

This vulnerability underscores the importance of proactive security measures and vigilant monitoring, especially for tools that provide remote access capabilities. Organizations should assess their current security protocols and consider implementing additional safeguards to mitigate the risks associated with such vulnerabilities.