CVE-2026-41476

Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.26.0.138

Description A remote memory-safety issue in clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The problem exists in the implementation of 'src/lib/deskflow/IClipboard.cpp' because the ClipboardChunk::assemble() function in 'src/lib/deskflow/ClipboardChunk.cpp' only validates the outer clipboard transfer size. Since the internal structure of the serialized clipboard blob is not validated, malformed inner lengths reach the IClipboard::unmarshall() function unchanged.

Recommendations Update to version 1.26.0.138.