CVE-2026-41527 | THREATINT

Description

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

PUBLISHED Reserved 2026-04-20 | Published 2026-04-21 | Updated 2026-04-22 | Assigner mitre

MEDIUM: 6.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-670 Always-Incorrect Control Flow Implementation

Product status

Default status

unaffected

Any version before 26.08.0

affected

References

github.com/KDE/kleopatra/releases

commits.kde.org/.../73471abb92d99c56354adb582bfaec2764c22b79

kde.org/info/security/advisory-20260408-1.txt

cve.org (CVE-2026-41527)

nvd.nist.gov (CVE-2026-41527)

Download JSON