Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.
AnalysisAI
KDE Arianna's bookserver before version 26.04.1 allows local attackers to read arbitrary files over socket connections by guessing URLs without authentication, exploiting missing input validation on the bookserver endpoint. The vulnerability requires local access and does not affect confidentiality of other system components; no public exploit code or active exploitation has been identified.
Technical ContextAI
KDE Arianna's bookserver component exposes a socket-based interface for book content retrieval. The vulnerability stems from CWE-306 (Missing Authentication Check), where the socket listener fails to validate or authenticate requested URLs before serving file content. An attacker with local system access can directly connect to the bookserver socket and craft arbitrary file paths without needing valid credentials or authorization tokens, bypassing the authentication mechanism entirely. The socket-based architecture creates a local attack surface distinct from network-facing vulnerabilities.
RemediationAI
Upgrade KDE Arianna to version 26.04.1 or later; this is the primary vendor-released patch addressing the authentication bypass. Users unable to upgrade immediately should restrict local access to systems running Arianna where possible-disable multi-user login on shared machines or isolate Arianna to dedicated user accounts with minimal system privileges. Consider running Arianna in a confined environment (e.g., namespace/container) if it must coexist with untrusted local users. The socket-based bookserver can be disabled entirely if Arianna's offline book features are not required, eliminating the attack surface, though this removes core functionality. Patch availability is confirmed via KDE's official advisory (kde.org/info/security/advisory-20260424-1.txt) and upstream commits on the KDE GitLab instance.
Same technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: LowShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25566
GHSA-7824-f4f9-2x77