CVE-2026-41525

N/A

KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

在范围间的资源转移不正确

Dolphin 安全漏洞

Dolphin是KDE GitHub Mirror开源的一款文件管理及浏览工具。 Dolphin 25.12.3之前版本存在安全漏洞，该漏洞源于允许Flatpak或AppArmor限制中的应用打开沙箱外文件夹，可能导致攻击者通过FileManager1协议打开脚本或可执行文件。

N/A

N/A