Skip to main content
ZDI-CAN-28906 HIGH 7.8 Overdue Feb 06, 2026

Krita

Krita is a popular open-source digital painting and illustration software application. This high-severity vulnerability requires local access and user interaction to exploit, but once triggered grants an attacker complete control over confidentiality, integrity, and availability of the affected system with no authentication required. Security teams should monitor for patch releases after the June 2026 vendor deadline and advise users to avoid opening untrusted files or projects in Krita until updates are available.

Advisory Details
Researcher Anonymous
Reported February 06, 2026
Deadline June 06, 2026 41d overdue
CVSS Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy