CVE-2026-41525

Name of the Vulnerable Software and Affected Versions KDE Dolphin versions prior to 25.12.3

Description Applications running within a Flatpak or with AppArmor confinement can open folders outside of the application sandbox without additional scrutiny. This occurs because the implementation of the FileManager1 protocol allows the provided path to be any file type, including scripts or executables. While the software prompts the user before launching such files, the intended security behavior is to block the action entirely. There have been reports of elevated activities targeting this issue.

Recommendations Update to version 25.12.3 or later.