CVE-2026-41525
Awaiting Analysis Awaiting Analysis - Queue
Sandbox Escape via FileManager1 Protocol in KDE Dolphin

Publication date: 2026-04-28

Last updated on: 2026-05-19

Assigner: MITRE

Description
KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41525
EUVD
EUVD-2026-26003
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kde dolphin to 25.12.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-669 The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability immediately, update KDE Dolphin to version 25.12.3 or later where the issue is fixed.

If updating is not immediately possible, configure Dolphin to always prompt the user before opening executable files by setting the "When opening an executable file" option to "Always ask."

Apply the patch available at https://invent.kde.org/system/dolphin/-/commit/42f099a5ba10e8948cae8f7e364c94129131326c if you maintain a custom build.

Executive Summary

This vulnerability exists in KDE Dolphin versions before 25.12.3 and involves improper handling of the FileManager1 protocol's ShowFolders method. Specifically, Dolphin allows applications running inside Flatpak or AppArmor sandboxes to open folders outside their sandbox without proper checks.

The issue arises because Dolphin treats any path given to ShowFolders as a file activation request, including scripts or executables. Instead of blocking such attempts, Dolphin prompts the user to decide whether to launch the script or executable, which is not the intended secure behavior.

If Dolphin is configured to run scripts without user prompts, this can lead to arbitrary code execution outside the sandbox, effectively allowing sandbox escape.

Impact Analysis

This vulnerability can allow an attacker to escape the confinement of sandboxed environments like Flatpak or AppArmor by tricking Dolphin into launching executables or scripts outside the sandbox.

As a result, an attacker could execute arbitrary code with user-level privileges on the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources.

The risk is medium, with a CVSS base score of 6.5, requiring local access and user interaction, but with high impact on confidentiality and integrity.

Detection Guidance

This vulnerability involves KDE Dolphin versions prior to 25.12.3 improperly handling the FileManager1 protocol, allowing sandbox escape by launching executables. Detection involves verifying the Dolphin version and configuration.

  • Check the installed Dolphin version to see if it is older than 25.12.3 using the command: dolphin --version
  • Inspect Dolphin's configuration for the setting "When opening an executable file" to see if it is set to "Always ask" or not. This can be checked in the Dolphin settings GUI or by examining relevant configuration files.
  • Monitor for unusual execution of scripts or executables launched from within Flatpak or AppArmor confined applications, which may indicate exploitation attempts.
Compliance Impact

The vulnerability in KDE Dolphin allows applications confined by Flatpak or AppArmor to escape their sandbox and potentially execute arbitrary code outside the intended restrictions. This could lead to unauthorized access or modification of sensitive data.

Such unauthorized access or execution could impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls over data access and protection against unauthorized actions.

However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41525. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart