File Management Flaw in KDE Dolphin Affects Application Sandboxing
CVE-2026-41525

6.5 MEDIUM

Key Information:

Vendor: KDE

Status
Vendor
CVE Published: 28 April 2026

What is CVE-2026-41525?

KDE Dolphin before version 25.12.3 has a vulnerability that lets applications running in a Flatpak environment or under AppArmor confinement access folders outside their intended sandbox. The flaw lies in Dolphin's handling of the FileManager1 protocol, which allows unrestricted paths to be opened. Instead of blocking the action, Dolphin prompts the user to launch scripts or executables, which undermines the confinement meant to prevent unauthorized access.

Affected Version(s)

Dolphin 0 < 25.12.3

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
