What is the CVSS score of CVE-2026-41525?

CVE-2026-41525 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-41525?

Yes, a patch is available for CVE-2026-41525. Update the affected software to the latest version immediately.

KDE Dolphin CVE-2026-41525

EUVD-2026-26003 MEDIUM

Incorrect Resource Transfer Between Spheres (CWE-669)

2026-04-28 mitre

Information Disclosure

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Patch released

Apr 28, 2026 - 20:23 nvd

Patch available

Apr 28, 2026 - 09:01 EUVD

Analysis Generated

Apr 28, 2026 - 08:00 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 07:30 euvd

EUVD-2026-26003

Analysis Generated

Apr 28, 2026 - 07:30 vuln.today

CVE Published

Apr 28, 2026 - 00:00 nvd

MEDIUM 6.5

DescriptionNVD

KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.)

AnalysisAI

KDE Dolphin before 25.12.3 allows sandboxed applications (running under Flatpak or AppArmor confinement) to bypass sandbox restrictions and open arbitrary files outside their containment boundary through the FileManager1 D-Bus protocol implementation. An attacker controlling a sandboxed application can exploit this to access sensitive files or execute scripts with user interaction, circumventing the intended isolation model.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41525 vulnerability details – vuln.today

Back

KDE Dolphin CVE-2026-41525

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code