CVE-2026-41527PATCHED

kde · kleopatra

CVE-2026-41527: KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there i

Description

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

Affected Products

Vendor	Product	Versions
kde	kleopatra	0

References

Related News (1 articles)

Tier C

VulDB19d ago

CVE-2026-41527 | KDE Kleopatra up to 26.7.x on Windows control flow

→ No new info (linked only)

CVSS 3.16.9 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

26.08.0

CWECWE-670

PublishedApr 21, 2026

Last enriched19d agov2

Trending Score3

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple vulnerabilities in KDE Kdenlive and Okular allowing remote code execution, security bypass, data manipulation, information disclosure, and denial of service

Trending: 26

MEDIUMCVE-2026-45184

CVE-2026-45184: Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Trending: 20

MEDIUMCVE-2026-41526

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a

Trending: 11

MEDIUMCVE-2026-41525

CVE-2026-41525: KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of th

Trending: 8

MEDIUMCVE-2026-42095EXP

CVE-2026-42095: bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

Trending: 3

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 21, 2026

Discovered by ZDM

Apr 21, 2026

Updated: affectedVersions, severity

Apr 22, 2026

Patch Available

Apr 22, 2026

Version History

Last enriched 19d ago

v2Tier C19d ago

Updated affected versions to 26.7.x, changed severity to HIGH, and corrected exploit availability to false.

affectedVersionsseverity

via VulDB

v119d ago

Initial creation