CVE-2026-4158
Uncontrolled Search Path Privilege Escalation in KeePassXC OpenSSL
Publication date: 2026-04-11
Last updated on: 2026-04-11
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| keepassxc | keepassxc | to 2.7.11 (inc) |
| keepassxc | keepassxc | 2.7.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4158 is a local privilege escalation vulnerability in KeePassXC caused by the way it loads OpenSSL configuration files from an unsecured search path.
An attacker who already has the ability to execute low-privileged code on the target system can exploit this flaw by placing a malicious DLL and configuration file in a specific directory that KeePassXC checks during its update process.
When KeePassXC runs and loads the OpenSSL configuration, it inadvertently loads the attacker's malicious DLL, allowing the attacker to execute arbitrary code with the privileges of the KeePassXC process, effectively escalating their privileges.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with low privileges to escalate their privileges on the system by executing arbitrary code within the KeePassXC process.
As a result, the attacker can gain access to sensitive information stored in KeePassXC, compromise the integrity and availability of the system, and potentially take full control over the user's secrets and data managed by KeePassXC.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the vulnerable KeePassXC version (up to and including 2.7.11) is installed and if the insecure OpenSSL configuration path exists on the system.
- Verify KeePassXC version installed is 2.7.11 or earlier.
- Check for the presence of the directory and files at the path: C:\Tools\vcpkg\packages\openssl_x64-windows\
- Look for suspicious DLL files such as CmdOnDllMain.dll in the above directory.
Suggested commands on a Windows system to detect this vulnerability include:
- Check KeePassXC version: Open KeePassXC and check the About section or run a command if available.
- Use PowerShell to check for the directory and DLL: Get-ChildItem -Path C:\Tools\vcpkg\packages\openssl_x64-windows\ -Recurse
- Search for suspicious DLLs: dir C:\Tools\vcpkg\packages\openssl_x64-windows\*.dll
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update KeePassXC to version 2.7.12 or later, where this vulnerability has been patched.
Additionally, remove or secure the directory path C:\Tools\vcpkg\packages\openssl_x64-windows\ to prevent unprivileged users from placing malicious DLLs or configuration files.
Restrict permissions on the OpenSSL configuration path to prevent unauthorized creation or modification of files.
Avoid running KeePassXC with elevated privileges unnecessarily and ensure that only trusted users have access to the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows local attackers to escalate privileges and execute arbitrary code within the KeePassXC process, potentially leading to a complete compromise of the user's secrets stored in KeePassXC.
Such a compromise could result in unauthorized access to sensitive personal or protected health information, which may violate data protection requirements under standards like GDPR and HIPAA.
Therefore, if exploited, this vulnerability could negatively impact an organization's ability to maintain confidentiality and integrity of sensitive data, thereby affecting compliance with these regulations.