Skip to main content

Kdenlive

1 CVEs product

Monthly

CVE-2026-45184 MEDIUM PATCH This Month

Kdenlive before version 26.04.1 permits arbitrary command execution through dangerous proxy parameters embedded in attacker-controlled project files. When a victim opens a malicious .kdenlive project file, the application processes untrusted proxy settings without sufficient validation, enabling code execution with the privileges of the user running Kdenlive. This requires user interaction (opening a file) but poses significant risk in contexts where project files are shared or downloaded from untrusted sources.

Information Disclosure Kdenlive
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Kdenlive before version 26.04.1 permits arbitrary command execution through dangerous proxy parameters embedded in attacker-controlled project files. When a victim opens a malicious .kdenlive project file, the application processes untrusted proxy settings without sufficient validation, enabling code execution with the privileges of the user running Kdenlive. This requires user interaction (opening a file) but poses significant risk in contexts where project files are shared or downloaded from untrusted sources.

Information Disclosure Kdenlive
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy