CVE-2026-42095EXPLOITEDPATCHED

kde · arianna

CVE-2026-42095: bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

Description

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

Affected Products

Vendor	Product	Versions
kde	arianna	0

References

Related News (1 articles)

Tier C

VulDB17d ago

CVE-2026-42095 | KDE Arianna up to 26.04.0 bookserver missing authentication

→ No new info (linked only)

CVSS 3.14.0 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

26.04.1

CWECWE-306

PublishedApr 24, 2026

Last enriched17d agov2

Trending Score3

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple vulnerabilities in KDE Kdenlive and Okular allowing remote code execution, security bypass, data manipulation, information disclosure, and denial of service

Trending: 26

MEDIUMCVE-2026-45184

CVE-2026-45184: Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Trending: 20

MEDIUMCVE-2026-41526

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a

Trending: 11

MEDIUMCVE-2026-41525

CVE-2026-41525: KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of th

Trending: 8

MEDIUMCVE-2026-41527

CVE-2026-41527: KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there i

Trending: 3

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 24, 2026

Discovered by ZDM

Apr 24, 2026

Updated: severity, activelyExploited

Apr 24, 2026

Actively Exploited

Apr 24, 2026

Patch Available

Apr 24, 2026

Version History

Last enriched 17d ago

v2Tier C17d ago

Updated severity to CRITICAL, marked as actively exploited, and corrected exploit availability.

severityactivelyExploited

via VulDB

v117d ago

Initial creation