CVE-2026-4158
Received Received - Intake
Uncontrolled Search Path Privilege Escalation in KeePassXC OpenSSL

Publication date: 2026-04-11

Last updated on: 2026-04-11

Assigner: Zero Day Initiative

Description
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. Was ZDI-CAN-29156.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-11
Last Modified
2026-04-11
Generated
2026-06-16
AI Q&A
2026-04-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4158
EUVD
EUVD-2026-21645
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
keepassxc keepassxc to 2.7.11 (inc)
keepassxc keepassxc 2.7.12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4158 is a local privilege escalation vulnerability in KeePassXC caused by the way it loads OpenSSL configuration files from an unsecured search path.

An attacker who already has the ability to execute low-privileged code on the target system can exploit this flaw by placing a malicious DLL and configuration file in a specific directory that KeePassXC checks during its update process.

When KeePassXC runs and loads the OpenSSL configuration, it inadvertently loads the attacker's malicious DLL, allowing the attacker to execute arbitrary code with the privileges of the KeePassXC process, effectively escalating their privileges.

Impact Analysis

This vulnerability can allow a local attacker with low privileges to escalate their privileges on the system by executing arbitrary code within the KeePassXC process.

As a result, the attacker can gain access to sensitive information stored in KeePassXC, compromise the integrity and availability of the system, and potentially take full control over the user's secrets and data managed by KeePassXC.

Detection Guidance

This vulnerability can be detected by checking if the vulnerable KeePassXC version (up to and including 2.7.11) is installed and if the insecure OpenSSL configuration path exists on the system.

  • Verify KeePassXC version installed is 2.7.11 or earlier.
  • Check for the presence of the directory and files at the path: C:\Tools\vcpkg\packages\openssl_x64-windows\
  • Look for suspicious DLL files such as CmdOnDllMain.dll in the above directory.

Suggested commands on a Windows system to detect this vulnerability include:

  • Check KeePassXC version: Open KeePassXC and check the About section or run a command if available.
  • Use PowerShell to check for the directory and DLL: Get-ChildItem -Path C:\Tools\vcpkg\packages\openssl_x64-windows\ -Recurse
  • Search for suspicious DLLs: dir C:\Tools\vcpkg\packages\openssl_x64-windows\*.dll
Mitigation Strategies

The immediate mitigation step is to update KeePassXC to version 2.7.12 or later, where this vulnerability has been patched.

Additionally, remove or secure the directory path C:\Tools\vcpkg\packages\openssl_x64-windows\ to prevent unprivileged users from placing malicious DLLs or configuration files.

Restrict permissions on the OpenSSL configuration path to prevent unauthorized creation or modification of files.

Avoid running KeePassXC with elevated privileges unnecessarily and ensure that only trusted users have access to the system.

Compliance Impact

This vulnerability allows local attackers to escalate privileges and execute arbitrary code within the KeePassXC process, potentially leading to a complete compromise of the user's secrets stored in KeePassXC.

Such a compromise could result in unauthorized access to sensitive personal or protected health information, which may violate data protection requirements under standards like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could negatively impact an organization's ability to maintain confidentiality and integrity of sensitive data, thereby affecting compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart