CVE-2021-44426: 
NixOS vulnerability analysis and mitigation

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5, identified as CVE-2021-44426. The vulnerability allows an attacker to upload arbitrary files to a victim's local ~/Downloads/ directory when the victim is using the AnyDesk Windows client to connect to a remote machine, and an attacker is also connected remotely with AnyDesk to the same remote machine. The upload occurs without any approval or action required from the victim (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The issue affects AnyDesk versions before 6.2.6 and 6.3.x versions before 6.3.5 specifically on Windows platforms (NVD).

The vulnerability allows attackers to plant malicious files in a victim's computer without their knowledge or consent. If exploited, an attacker can compromise the victim's computer by placing malware that could be used in subsequent attacks. This poses a significant security risk as files can be uploaded to the victim's Downloads directory without any prompt or approval mechanism (Argus).

The vulnerability has been fixed in AnyDesk version 6.2.6 and version 6.3.5 and later releases. Users are advised to upgrade to these or newer versions to protect against this vulnerability (NVD).