VYPR
Medium severity6.5NVD Advisory· Published Apr 28, 2026· Updated May 5, 2026

CVE-2026-41526

CVE-2026-41526

Description

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • KDE/Kcoreaddonsreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:kde:kcoreaddons:*:*:*:*:*:*:*:*range: <6.25.0
    • (no CPE)range: <6.25

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.