Local Privilege Escalation Flaw in KDE Kleopatra for Windows
CVE-2026-41527

6.9MEDIUM

Key Information:

Vendor: Kde
Status: Kleopatra
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-41527?

A local privilege escalation vulnerability exists in KDE Kleopatra for Windows due to a flaw in the KUniqueService mechanism, which is designed to ensure that only one instance of the application runs at a time. This weakness allows local users to exploit the service to gain elevated privileges, thereby compromising the user’s security by potentially granting unauthorized access to sensitive information and functionalities of the Kleopatra application.

Affected Version(s)

Kleopatra Windows 0 < 26.08.0

References

https://github.com/KDE/kleopatra/releases

https://commits.kde.org/kleopatra/73471abb92d99c56354adb5...

https://kde.org/info/security/advisory-20260408-1.txt

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 20, 2026

CVE-2026-41527 Data

JSON

Kde

What is CVE-2026-41527?

Affected Version(s)

References

CVSS V3.1

Timeline