4 matches found
openSUSE 16 Security Update : kf6-kcoreaddons (openSUSE-SU-2026:20701-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20701-1 advisory. Changes in kf6-kcoreaddons: - CVE-2026-41526: Fixed arbitrary code execution via improper shell argument quoting boo1263441 Tenable has extracted the...
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
...
CVE-2026-41526
creationtimestamp | type | source
---|---|---
2026-04-29 04:21:36+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116486078154329890...
CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...