CVE-2026-45184
Received Received - Intake
Kdenlive Proxy Parameter Injection Vulnerability

Publication date: 2026-05-09

Last updated on: 2026-05-10

Assigner: MITRE

Description
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-10
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-45184
EUVD
EUVD-2026-28946
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kdenlive kdenlive to 26.04.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Kdenlive versions before 26.04.1 and involves the handling of proxy parameters. Specifically, when an attacker-controlled project file is used, it allows dangerous proxy parameters to be introduced.

Impact Analysis

Exploitation of this vulnerability can lead to high impact on confidentiality and integrity, and a low impact on availability. Since the vulnerability involves dangerous proxy parameters controlled by an attacker, it could allow unauthorized access or manipulation of data when opening malicious project files.

Compliance Impact

The vulnerability in Kdenlive before version 26.04.1 allows remote code execution and potential exfiltration of files when opening malicious project files. This could lead to unauthorized access and data breaches.

Such unauthorized access and data exfiltration risks could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized disclosure.

However, the provided information does not explicitly discuss compliance implications or specific impacts on these standards.

Mitigation Strategies

To mitigate this vulnerability, do not open project files from untrusted sources.

Update Kdenlive to version 26.04.1 or later.

Alternatively, apply the provided patches that address the vulnerability.

Detection Guidance

This vulnerability arises from opening specially crafted malicious project files in Kdenlive versions prior to 26.04.1. Detection involves identifying if vulnerable versions of Kdenlive are installed and whether untrusted project files have been opened.

To detect the vulnerability on your system, first verify the installed Kdenlive version:

  • kdenlive --version

If the version is earlier than 26.04.1, the system is vulnerable. Additionally, monitor for any suspicious project files that may have been opened, especially those from untrusted sources.

Since the vulnerability involves project files, you can search for recently accessed or modified Kdenlive project files (usually with the extension .kdenlive) using commands like:

  • find ~/ -type f -name '*.kdenlive' -mtime -30

Review these files for any unexpected or suspicious content. However, no specific network detection commands are provided, as the vulnerability is triggered locally by opening malicious project files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart