CVE-2026-41527

NameCVE-2026-41527
DescriptionKDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kleopatra (PTS)bullseye4:20.08.3-1fixed
bookworm4:22.12.3-1fixed
trixie4:24.12.3-1+deb13u1fixed
forky, sid4:25.12.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kleopatrasource(unstable)(not affected)

Notes

- kleopatra <not-affected> (Windows-specific)
https://kde.org/info/security/advisory-20260408-1.txt
Search for package or bug name: Reporting problems