CVE-2026-41527

EUVD-2026-24513
KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
kleopatra
bookworm
4:22.12.3-1
fixed
bullseye
4:20.08.3-1
fixed
forky
4:25.12.3-1
fixed
sid
4:25.12.3-1
fixed
trixie
4:24.12.3-1+deb13u1
fixed
Common Weakness Enumeration
References
https://commits.kde.org/kleopatra/73471abb92d99c56354adb582bfaec2764c22b79
https://github.com/KDE/kleopatra/releases
https://kde.org/info/security/advisory-20260408-1.txt