How to fix EUVD-2026-21645?

Within 24 hours: Inventory all systems running KeePassXC and document current versions in use. Within 7 days: Restrict file system permissions on KeePassXC configuration directories to prevent unauthorized modification by low-privileged accounts; audit access logs for suspicious configuration file changes. Within 30 days: Monitor the KeePassXC project for patch availability and prepare deployment plan; consider evaluating alternative credential management solutions with stronger isolation controls if patch timeline extends beyond organizational risk tolerance.

Is OpenSSL affected by EUVD-2026-21645?

CVE-2026-4158 is a local privilege escalation vulnerability in KeePassXC that allows low-privileged users to execute arbitrary code with the privileges of whoever launches the application, potentially compromising stored credentials and sensitive data managed within KeePassXC.

EUVD-2026-21645

| CVE-2026-4158 HIGH

2026-04-11 zdi

7.3

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 11, 2026 - 01:00 vuln.today

EUVD ID Assigned

Apr 11, 2026 - 01:00 euvd

EUVD-2026-21645

CVE Published

Apr 11, 2026 - 00:17 nvd

HIGH 7.3

Description

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. Was ZDI-CAN-29156.

Analysis

Local privilege escalation in KeePassXC password manager allows authenticated attackers with low privileges to execute arbitrary code by exploiting insecure OpenSSL configuration file loading. When a target user launches KeePassXC, malicious configuration planted in an unsecured path is loaded, enabling code execution in KeePassXC's security context. …

Remediation

Within 24 hours: Inventory all systems running KeePassXC and document current versions in use. Within 7 days: Restrict file system permissions on KeePassXC configuration directories to prevent unauthorized modification by low-privileged accounts; audit access logs for suspicious configuration file changes. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

EUVD-2026-21645 vulnerability details – vuln.today

Back

EUVD-2026-21645

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21645

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code