A newly identified zero-day vulnerability in AnyDesk has been found to enable local attackers to induce a denial-of-service (DoS) condition on affected systems.
Tracked as CVE-2026-15682, the vulnerability is located within one of AnyDesk’s core technical support functionalities. Successful exploitation may disrupt the normal operation of the application or the underlying operating system, thereby preventing legitimate users from accessing remote connectivity services.
The flaw resides in AnyDesk’s “Send Support Information” functionality, which is designed to collect diagnostic data during troubleshooting procedures and transmit the relevant information to technical support teams.
However, an attacker who has obtained low-privileged local access to the system may create a filesystem junction and redirect the AnyDesk service’s file operations to unintended locations. By exploiting this behaviour, the attacker may cause the service to create arbitrary files outside the designated directory.
A junction is a type of reparse point used in the Windows operating system to redirect access from one directory to another filesystem path. If a highly privileged service follows a user-controlled junction without adequately validating the final destination, file operations may be redirected beyond the intended directory.
In the context of CVE-2026-15682, this arbitrary file-creation capability may be leveraged to force the application or the operating system into a denial-of-service state. As a consequence, the AnyDesk service may become unavailable, resulting in the interruption of remote connections established by legitimate users.
According to the available information, the vulnerability cannot be exploited directly over a network at the initial stage. An attacker must first obtain the ability to execute code with low-privileged user permissions on the targeted Windows system.
The exploitation process is considered highly complex and requires specific system, environmental or filesystem conditions to be present. Nevertheless, once the attacker has established an initial local code-execution foothold, no further user interaction is required.
The Computer Emergency Response Center recommends restricting local access to devices on which AnyDesk is installed, enforcing the principle of least privilege, monitoring the creation of suspicious junction and reparse point objects and reassessing the necessity of using the “Send Support Information” feature in sensitive information systems.
© 2011-2026 All rights reserved