What is CVE-2026-41527?

CVE-2026-41527 is a medium-severity vulnerability in Kde Kleopatra, classified under Always-Incorrect Control Flow Implementation. CVSS score: 6.9/10. Published 2026-04-21.

How severe is CVE-2026-41527?

Medium severity. CVSS v3 base score is 6.9 out of 10.

Vulnerability in Kde Kleopatra

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.9 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L.

Affected products

Kde Kleopatra — versions 0

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

References

github.com/KDE/kleopatra/releases
commits.kde.org/kleopatra/73471abb92d99c56354adb582bfaec2764c22b79
kde.org/info/security/advisory-20260408-1.txt

Frequently asked questions

What is CVE-2026-41527?: CVE-2026-41527 is a medium-severity vulnerability in Kde Kleopatra, classified under Always-Incorrect Control Flow Implementation. CVSS score: 6.9/10. Published 2026-04-21.
How severe is CVE-2026-41527?: Medium severity. CVSS v3 base score is 6.9 out of 10.