PT-2025-31704 · Localsend · Localsend

Deepunk42 · Published 2025-08-01 · Updated 2025-08-02 · CVE-2025-54792

CVSS v4.0: 9.3

Vector: AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions:

LocalSend versions 1.16.1 and below

Description:

LocalSend is an open-source application designed for secure file and message sharing with nearby devices on local networks without requiring an internet connection. A critical Man-in-the-Middle (MitM) vulnerability exists in the software’s discovery protocol, allowing an unauthenticated attacker on the same local network to impersonate legitimate devices. This enables the attacker to silently intercept, read, and modify any file transfer, potentially leading to the theft of sensitive data or the injection of malware, such as ransomware. The attack is difficult to detect and relatively easy to implement, posing a significant security risk.

Recommendations:

Update to version 1.17.0 or later.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2025-54792
GHSA-424H-5F6M-X63F

Affected Products

Localsend