Description
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138.
Published: 2026-04-24
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure via out‑of‑bounds read
Action: Immediate Patch
AI Analysis

Impact

Deskflow, a keyboard and mouse sharing application, contains a memory‑safety flaw in its clipboard deserialization routine. When a connected peer sends a malformed clipboard update, the outer size of the transfer is validated, but the internal structure of the serialized data is not. The unchecked internal lengths allow Deskflow to perform an out‑of‑bounds read during unmarshalling, potentially leaking arbitrary memory contents or causing a crash. This flaw does not directly enable code execution but can expose sensitive data or destabilize the application.
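The defensive pattern the fix needs, as an added example that is not Deskflow's code: a bounded reader that checks every inner length of a serialized clipboard blob against the bytes that remain inside the already-validated outer size, so a malformed inner length is rejected instead of driving an out-of-bounds read. The blob layout below (a format count, then per format an id, a length and the data) and the function names are assumptions constructed for this example, not Deskflow's real wire format.

```cpp
#include <cstdint>
#include <string>
#include <utility>
#include <vector>
// Assumed blob layout (constructed for this example, not Deskflow's real format):
//   u32 numFormats, then per format: u32 formatId, u32 dataLen, dataLen bytes.
struct ClipboardFormat { uint32_t id = 0; std::string data; };
// Cursor that can never step past the outer buffer: every inner length is checked
// against the bytes that actually remain before any read happens.
class BoundedReader {
 public:
  BoundedReader(const uint8_t* p, size_t n) : p_(p), n_(n) {}
  bool u32(uint32_t& out) {
    if (n_ - pos_ < 4) return false;
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i) v = (v << 8) | p_[pos_ + i];  // big-endian
    pos_ += 4; out = v; return true;
  }
  bool bytes(size_t len, std::string& out) {
    if (len > n_ - pos_) return false;  // inner length exceeds outer size: reject
    out.assign(reinterpret_cast<const char*>(p_ + pos_), len);
    pos_ += len; return true;
  }
  bool done() const { return pos_ == n_; }
 private:
  const uint8_t* p_; size_t n_; size_t pos_ = 0;
};
// Returns false and leaves `out` empty on any inconsistency between the inner
// lengths and the outer transfer size, instead of reading out of bounds.
bool unmarshallClipboard(const std::vector<uint8_t>& blob, std::vector<ClipboardFormat>& out) {
  out.clear();
  BoundedReader r(blob.data(), blob.size());
  uint32_t count = 0;
  if (!r.u32(count)) return false;
  for (uint32_t i = 0; i < count; ++i) {  // a huge count fails at the first missing header
    ClipboardFormat f; uint32_t len = 0;
    if (!r.u32(f.id) || !r.u32(len) || !r.bytes(len, f.data)) { out.clear(); return false; }
    out.push_back(std::move(f));
  }
  if (!r.done()) out.clear();  // trailing bytes: also a malformed blob
  return r.done();
}
// Constructed helper: builds a one-format blob whose claimed length may disagree
// with the payload actually present, mimicking a malformed update from a peer.
std::vector<uint8_t> makeBlob(uint32_t count, uint32_t id, uint32_t claimedLen, const std::string& payload) {
  std::vector<uint8_t> b;
  for (uint32_t v : {count, id, claimedLen})
    for (int s = 24; s >= 0; s -= 8) b.push_back(static_cast<uint8_t>(v >> s));
  b.insert(b.end(), payload.begin(), payload.end());
  return b;
}
```

The same check generalizes to nested structures: each level is parsed through a reader bounded by its parent's already-validated length, never by the value a peer supplied.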

Affected Systems

All installations of Deskflow running a version earlier than 1.26.0.138 are affected. The vulnerability exists in the core clipboard handling code and applies to every release of the application prior to the patched version.

Risk and Exploitability

The CVSS v3 score of 7.4 signifies a high severity vulnerability. The EPSS score of less than 1% indicates that the likelihood of exploitation is currently very low, and the vulnerability is not listed in the CISA KEV catalog. The known attack vector requires the attacker to be connected as a peer to the target Deskflow instance; the malicious payload is sent via the clipboard synchronization channel. Once connected, the attacker can send a crafted clipboard blob to trigger the vulnerability. Because the issue is reachable remotely by any connected peer, remediation should prioritize patching, while temporary mitigations can reduce exposure.

Generated by OpenCVE AI on April 28, 2026 at 05:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Deskflow to version 1.26.0.138 or later to eliminate the buffer overflow
  • If a patch cannot be applied immediately, disable or restrict automatic clipboard sharing so that only trusted peers can send updates
  • Apply network controls (e.g., firewall rules) to limit the Deskflow peer protocol to authorized hosts and monitor for anomalous clipboard traffic

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 16:00:00 +0000
  Type: CPEs
    Values added: cpe:2.3:a:deskflow:deskflow:*:*:*:*:*:*:*:*
  Type: Metrics (cvssV3_1)
    Values added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Apr 2026 09:45:00 +0000
  Type: First Time appeared
    Values added: Deskflow; Deskflow deskflow
  Type: Vendors & Products
    Values added: Deskflow; Deskflow deskflow

Fri, 24 Apr 2026 21:15:00 +0000
  Type: Metrics (ssvc)
    Values added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 20:00:00 +0000
  Type: Description
    Values added: Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138.
  Type: Title
    Values added: Deskflow: clipboard deserialization global-buffer-overflow
  Type: Weaknesses
    Values added: CWE-120
  Type: References
  Type: Metrics (cvssV4_0)
    Values added: {'score': 7.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T20:15:40.568Z

Reserved: 2026-04-20T16:14:19.005Z

Link: CVE-2026-41476

Vulnrichment

Updated: 2026-04-24T20:15:35.780Z

NVD

Status: Analyzed

Published: 2026-04-24T20:16:28.207

Modified: 2026-04-28T15:47:41.563

Link: CVE-2026-41476

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T09:17:47Z

Weaknesses