CVE-2026-41526
MEDIUM
6,5
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low
Description
AI Translation Available
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
Single Data Point
Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.
150
Improper Neutralization of Escape, Meta, or Control Sequences
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Execute Unauthorized Code Or Commands
Hide Activities
Unexpected State
Applicable Platforms
Technologies:
AI/ML
https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea…
https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea…
https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0
https://invent.kde.org/frameworks/kcoreaddons/
https://kde.org/info/security/advisory-20260427-1.txt