CVE-2026-41525
Sandbox Escape via FileManager1 Protocol in KDE Dolphin
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kde | dolphin | up to 25.12.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-669 | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update KDE Dolphin to version 25.12.3 or later where the issue is fixed.
If updating is not immediately possible, configure Dolphin to always prompt the user before opening executable files by setting the "When opening an executable file" option to "Always ask."
Apply the patch available at https://invent.kde.org/system/dolphin/-/commit/42f099a5ba10e8948cae8f7e364c94129131326c if you maintain a custom build.
Can you explain this vulnerability to me?
This vulnerability exists in KDE Dolphin versions before 25.12.3 and involves improper handling of the FileManager1 protocol's ShowFolders method. Specifically, Dolphin allows applications running inside Flatpak or AppArmor sandboxes to open folders outside their sandbox without proper checks.
The issue arises because Dolphin treats any path given to ShowFolders as a file activation request, including scripts or executables. Instead of blocking such attempts, Dolphin prompts the user to decide whether to launch the script or executable, which is not the intended secure behavior.
If Dolphin is configured to run scripts without user prompts, this can lead to arbitrary code execution outside the sandbox, effectively allowing sandbox escape.
How can this vulnerability impact me?
This vulnerability can allow an attacker to escape the confinement of sandboxed environments like Flatpak or AppArmor by tricking Dolphin into launching executables or scripts outside the sandbox.
As a result, an attacker could execute arbitrary code with user-level privileges on the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources.
The risk is medium, with a CVSS base score of 6.5, requiring local access and user interaction, but with high impact on confidentiality and integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves KDE Dolphin versions prior to 25.12.3 improperly handling the FileManager1 protocol, allowing sandbox escape by launching executables. Detection involves verifying the Dolphin version and configuration.
- Check whether the installed Dolphin version is older than 25.12.3 using the command: `dolphin --version`
- Inspect Dolphin's configuration for the setting "When opening an executable file" to see if it is set to "Always ask" or not. This can be checked in the Dolphin settings GUI or by examining relevant configuration files.
- Monitor for unusual execution of scripts or executables launched from within Flatpak or AppArmor confined applications, which may indicate exploitation attempts.
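The version and configuration checks listed above, combined into one triage script; this is an added example, not code from the original page or from KDE. It assumes `dolphin --version` prints the version as its last field and that the "When opening an executable file" choice is stored as `behaviourOnLaunch` under `[Executable scripts]` in `kiorc`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for CVE-2026-41525 (not code from KDE or this page).
FIXED="25.12.3"   # first fixed Dolphin release, per the advisory text above

# Succeeds when version $1 sorts strictly before $FIXED.
version_is_vulnerable() {
    [ "$1" != "$FIXED" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# Prints the executable-launch setting found in config file $1, or "unset".
# ASSUMPTION: stored as behaviourOnLaunch= under [Executable scripts] in kiorc.
launch_behaviour() {
    [ -r "$1" ] || { echo unset; return; }
    awk -F= '
        /^\[/ { in_sec = ($0 == "[Executable scripts]"); next }
        in_sec && $1 == "behaviourOnLaunch" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Prints a one-word verdict for version $1 and config file $2.
assess() {
    [ -n "$1" ] || { echo "unknown-version"; return; }
    if ! version_is_vulnerable "$1"; then echo "patched"; return; fi
    case "$(launch_behaviour "$2")" in
        alwaysAsk) echo "vulnerable-but-prompting" ;;   # workaround in place
        *)         echo "vulnerable-review-setting" ;;  # may launch unprompted
    esac
}

# Run against the local install only when Dolphin is present.
if command -v dolphin >/dev/null 2>&1; then
    ver=$(dolphin --version 2>/dev/null | awk '{ print $NF }')
    assess "$ver" "${XDG_CONFIG_HOME:-$HOME/.config}/kiorc"
fi
```

A verdict of `vulnerable-review-setting` means the build predates the fix and the prompt workaround could not be confirmed from the file, so the setting should be checked in the Dolphin settings GUI.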
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in KDE Dolphin allows applications confined by Flatpak or AppArmor to escape their sandbox and potentially execute arbitrary code outside the intended restrictions. This could lead to unauthorized access or modification of sensitive data.
Such unauthorized access or execution could impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls over data access and protection against unauthorized actions.
However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.