KDE Arianna EUVD-2026-25566

| CVE-2026-42095 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-04-24 mitre

GHSA-7824-f4f9-2x77

Authentication Bypass Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 24, 2026 - 16:16 EUVD

Analysis Generated

Apr 24, 2026 - 15:00 vuln.today

DescriptionNVD

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

AnalysisAI

KDE Arianna's bookserver before version 26.04.1 allows local attackers to read arbitrary files over socket connections by guessing URLs without authentication, exploiting missing input validation on the bookserver endpoint. The vulnerability requires local access and does not affect confidentiality of other system components; no public exploit code or active exploitation has been identified.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-6920 CRITICAL Act Now

9.6 Apr 23

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromi

CVE-2026-6919 CRITICAL Act Now

9.6 Apr 23

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the re

CVE-2026-6921 HIGH This Week

8.3 Apr 23

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandb

CVE-2026-41323 HIGH This Week

8.1 Apr 24

Kyverno's apiCall feature automatically attaches the admission controller's ServiceAccount token to HTTP requests withou

CVE-2026-41477 HIGH This Week

7.8 Apr 24

Local privilege escalation in Deskflow (all versions up to 1.20.0 stable and 1.26.0.134 continuous) allows any low-privi

Vendor StatusVendor

EUVD-2026-25566 vulnerability details – vuln.today

Back

KDE Arianna EUVD-2026-25566

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code