CVE-2026-45184PATCHED

kde · kdenlive

CVE-2026-45184: Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Description

Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Affected Products

Vendor	Product	Versions
kde	kdenlive	0

References

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-45184 | KDE Kdenlive up to 26.04.0 Project File inclusion of functionality from untrusted control sphere

→ No new info (linked only)

CVSS 3.16.5 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

26.04.1

CWECWE-829

PublishedMay 9, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple vulnerabilities in KDE Kdenlive and Okular allowing remote code execution, security bypass, data manipulation, information disclosure, and denial of service

Trending: 26

MEDIUMCVE-2026-41526

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a

Trending: 11

MEDIUMCVE-2026-41525

CVE-2026-41525: KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of th

Trending: 8

MEDIUMCVE-2026-42095EXP

CVE-2026-42095: bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

Trending: 3

MEDIUMCVE-2026-41527

CVE-2026-41527: KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there i

Trending: 3

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 9, 2026

Discovered by ZDM

May 9, 2026

Updated: affectedVersions, severity, tags

May 10, 2026

Patch Available

May 10, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated affected versions to include 26.04.0, changed severity to HIGH, and noted that no exploit exists.

affectedVersionsseveritytags

via VulDB

v11d ago

Initial creation