Description

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from openapi.deepin.com or other providers. An MITM attacker could intercept the traffic, replace the avatar with a malicious or misleading image, and potentially identify the user by the avatar. This vulnerability is fixed in dde-control-center 6.1.80 and 5.9.9.

INFO

Published Date :

2026-04-09T17:48:07.637Z

Last Modified :

2026-04-09T17:48:07.637Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35207 vulnerability.

Vendors Products
Linuxdeepin
  • Dde-control-center
  • Deepin-deepinid-plugin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35207.

URL Resource
https://github.com/linuxdeepin/dde-control-center/commit/6fc206120be28d9eef7d72258662bcabb834367f cve-icon cve-icon
https://github.com/linuxdeepin/dde-control-center/commit/cd95b054ff10a35bc9284431631305bd56244b3d cve-icon cve-icon
https://github.com/linuxdeepin/dde-control-center/pull/3146 cve-icon cve-icon
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-jf2h-4vqc-3jgc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact