Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-41526
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-28 Apr, 2026 | 08:16
Updated At-05 May, 2026 | 17:25

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
KDE
kde
>>kcoreaddons>>Versions before 6.25.0(exclusive)
cpe:2.3:a:kde:kcoreaddons:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-150Primarycve@mitre.org
CWE ID: CWE-150
Type: Primary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L168cve@mitre.org
Product
https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L43-L49cve@mitre.org
Product
https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0cve@mitre.org
Release Notes
https://invent.kde.org/frameworks/kcoreaddons/cve@mitre.org
Product
https://kde.org/info/security/advisory-20260427-1.txtcve@mitre.org
Vendor Advisory
Hyperlink: https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L168
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L43-L49
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://invent.kde.org/frameworks/kcoreaddons/
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://kde.org/info/security/advisory-20260427-1.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Change History
0Changes found
Details not found