What is CVE-2026-4158?

CVE-2026-4158 is a high-severity vulnerability in Keepassxc, classified under Uncontrolled Search Path Element. CVSS score: 7.3/10. Published 2026-04-11.

How severe is CVE-2026-4158?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Keepassxc

CVE-2026-4158

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obta…

EPSS: 0.000 (4.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Keepassxc — versions 2.7.11

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

ZDI-26-215 (x_research-advisory)
vendor-provided URL (vendor-advisory)

Frequently asked questions

What is CVE-2026-4158?: CVE-2026-4158 is a high-severity vulnerability in Keepassxc, classified under Uncontrolled Search Path Element. CVSS score: 7.3/10. Published 2026-04-11.
How severe is CVE-2026-4158?: High severity. CVSS v3 base score is 7.3 out of 10.