CVE-2026-41526

CVE-2026-41526

Name

CVE-2026-41526

Description

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Product	https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L168
Product	https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L43-L49
Release Notes	https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0
Product	https://invent.kde.org/frameworks/kcoreaddons/
Vendor Advisory	https://kde.org/info/security/advisory-20260427-1.txt

Type

URI

Product

https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L168

Product

https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L43-L49

Release Notes

https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0

Product

https://invent.kde.org/frameworks/kcoreaddons/

Vendor Advisory

https://kde.org/info/security/advisory-20260427-1.txt

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:kde:kcoreaddons::::::::`	kcoreaddons	>= None	< 6.25.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:kde:kcoreaddons:*:*:*:*:*:*:*:*

kcoreaddons

>= None

< 6.25.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
kcoreaddons	edge-community	6.24.0-r1	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.24.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.23.0-r1	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.23.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.22.0-r1	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.22.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.21.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.20.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.19.0-r2	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.19.0-r1	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.19.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.18.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.17.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.16.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.15.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.13.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.12.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.10.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.9.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	edge-community	6.8.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	3.23-community	6.19.0-r4	team/kde <bribbers@disroot.org>	possibly vulnerable
kcoreaddons	3.23-community	6.19.0-r3	team/kde <bribbers@disroot.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages