CVE-2026-41526
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41526
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
转义、元或控制序列转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
KCoreAddons 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
KCoreAddons是KDE GitHub Mirror开源的一个基于QtCore的非GUI工具集库。 KCoreAddons 6.25之前版本存在安全漏洞,该漏洞源于KShell::quoteArgs方法未充分处理元字符,可能导致应用程序在安全关键路径中处理用户输入时被利用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| KDE | KCoreAddons | 0 ~ 6.25 | - |
II. Public POCs for CVE-2026-41526
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41526
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-150
- CVE-2026-6019
BaseCookie.js_output() does not neutralize embedded characte - CVE-2026-40505
MuPDF < 1.27 mutool ANSI Injection via Metadata - CVE-2026-26149
Microsoft Power Apps Desktop Client Spoofing Vulnerability - CVE-2026-35651
OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Inject - CVE-2026-3108
Terminal Escape Injection in mmctl Report Posts Command
V. Comments for CVE-2026-41526
No comments yet