CVE-2026-41527: CWE-670 Always-Incorrect Control Flow Implementation in KDE Kleopatra
CVE-2026-41527 is a vulnerability in KDE Kleopatra versions before 26. 08. 0 on Windows. It involves an error in the KUniqueService mechanism that is intended to ensure only one instance of the application runs. Due to this flaw, local users can gain the privileges of a Kleopatra user. The vulnerability has a CVSS score of 6. 9, indicating a medium severity level. No official patch or remediation guidance is currently provided by the vendor. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-41527) affects KDE Kleopatra on Windows platforms prior to version 26.08.0. The issue lies in the KUniqueService component responsible for enforcing single-instance execution. An incorrect control flow implementation (CWE-670) allows local users to bypass intended restrictions and obtain the privileges associated with a Kleopatra user account. The CVSS 3.1 base score is 6.9, reflecting a medium severity with high impact on confidentiality and integrity, but requiring local access and high attack complexity.
Potential Impact
Successful exploitation allows a local attacker to escalate privileges to those of a Kleopatra user, potentially exposing sensitive cryptographic operations or data managed by Kleopatra. The impact includes high confidentiality and integrity loss, with limited availability impact. Since exploitation requires local access and has high complexity, the risk is moderated but still significant for affected environments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual local activity related to Kleopatra instances. Avoid running multiple instances of Kleopatra concurrently as a precaution.
CVE-2026-41527: CWE-670 Always-Incorrect Control Flow Implementation in KDE Kleopatra
Description
CVE-2026-41527 is a vulnerability in KDE Kleopatra versions before 26. 08. 0 on Windows. It involves an error in the KUniqueService mechanism that is intended to ensure only one instance of the application runs. Due to this flaw, local users can gain the privileges of a Kleopatra user. The vulnerability has a CVSS score of 6. 9, indicating a medium severity level. No official patch or remediation guidance is currently provided by the vendor. There are no known exploits in the wild at this time.
CVSS v3.1
Score 6.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-41527) affects KDE Kleopatra on Windows platforms prior to version 26.08.0. The issue lies in the KUniqueService component responsible for enforcing single-instance execution. An incorrect control flow implementation (CWE-670) allows local users to bypass intended restrictions and obtain the privileges associated with a Kleopatra user account. The CVSS 3.1 base score is 6.9, reflecting a medium severity with high impact on confidentiality and integrity, but requiring local access and high attack complexity.
Potential Impact
Successful exploitation allows a local attacker to escalate privileges to those of a Kleopatra user, potentially exposing sensitive cryptographic operations or data managed by Kleopatra. The impact includes high confidentiality and integrity loss, with limited availability impact. Since exploitation requires local access and has high complexity, the risk is moderated but still significant for affected environments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual local activity related to Kleopatra instances. Avoid running multiple instances of Kleopatra concurrently as a precaution.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-20T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e7f01d19fe3cd2cdfcab50
Added to database: 4/21/2026, 9:46:05 PM
Last enriched: 4/29/2026, 11:22:18 AM
Last updated: 6/5/2026, 9:23:31 PM
Views: 77
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.