CVE-2026-41527 MEDIUM

CVE-2026-41527

Vendor Kde
Product Kleopatra
Weakness CWE-670
Published April 21, 2026
Last update April 22, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

Key dates

02Disclosure timeline

April 21, 2026 CVE published
April 22, 2026 Record updated