CVE-2026-45184
Received
Received - Intake
Kdenlive Proxy Parameter Injection Vulnerability
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: MITRE
Description
Description
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kdenlive | kdenlive | to 26.04.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Kdenlive versions before 26.04.1 and involves the handling of proxy parameters. Specifically, when an attacker-controlled project file is used, it allows dangerous proxy parameters to be introduced.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to high impact on confidentiality and integrity, and a low impact on availability. Since the vulnerability involves dangerous proxy parameters controlled by an attacker, it could allow unauthorized access or manipulation of data when opening malicious project files.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70