KeePassXC Can Allow Local Attackers to Escalate Privileges

CVE-2026-4158 · CVSS 3.0 base score 7.3 (NVD)

Summary

A vulnerability in KeePassXC allows a local attacker who can already run low-privileged code on the target machine to gain elevated access and execute malicious code on the system. Users should update their KeePassXC installation to the latest version to mitigate this risk.

Original title
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Original description
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. Was ZDI-CAN-29156.
Vulnerability type
CWE-427 Uncontrolled Search Path Element
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026
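The description above states only that KeePassXC loads its OpenSSL configuration "from an unsecured location" (CWE-427, uncontrolled search path element); it does not name the path. The Python audit below is an added example, not part of this advisory, of KeePassXC or of OpenSSL. It shows the check a defender would run against the locations OpenSSL actually consults, the `OPENSSL_CONF` environment variable followed by a compiled-in default; the default path is passed in by the caller because it is build-specific and not given here, and the directories the demo builds are constructed for illustration. A path is flagged when any directory above it is writable by untrusted local users, or when the file itself is absent from such a directory, since that is the condition under which a low-privileged user can place a file the application will then load.

```python
"""Audit an OpenSSL config search path for CWE-427 (uncontrolled search path).

Added example, not part of the advisory or of KeePassXC. The advisory only
states that the configuration is loaded "from an unsecured location"; the
exact path is not given, so every path used here is constructed for the demo.
"""
import os
import shutil
import stat
import tempfile


def candidate_config_paths(env, default_path):
    """Search-path elements in the order OpenSSL consults them.

    OpenSSL honours the OPENSSL_CONF environment variable before the
    compiled-in default (OPENSSLDIR/openssl.cnf). `default_path` is supplied
    by the caller because it is build-specific and not stated in the advisory.
    """
    paths = []
    if env.get("OPENSSL_CONF"):
        paths.append(env["OPENSSL_CONF"])
    paths.append(default_path)
    return paths


def _others_can_write(st):
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def _sticky(st):
    return bool(st.st_mode & stat.S_ISVTX)


def audit_config_path(path, trusted_uids=None):
    """Return the findings that make `path` a CWE-427 hazard (empty = clean).

    Every ancestor directory is checked, because a low-privileged user who
    can write to any of them can substitute their own subtree. The sticky
    bit (as on /tmp) stops users renaming or deleting entries they do not
    own, so a sticky directory is only a hazard when the entry it must
    contain does not yet exist.
    """
    if trusted_uids is None:
        trusted_uids = {0, getattr(os, "getuid", lambda: 0)()}
    findings = []
    path = os.path.abspath(path)
    parts = path.split(os.sep)[1:]          # drop the empty leading component
    current = os.sep
    parent_st = os.stat(current)
    for name in parts[:-1]:
        current = os.path.join(current, name)
        try:
            st = os.stat(current)
        except FileNotFoundError:
            if _others_can_write(parent_st):
                findings.append(f"{current} is absent and could be created by others")
            return findings
        if st.st_uid not in trusted_uids:
            findings.append(f"{current} is owned by untrusted uid {st.st_uid}")
        elif _others_can_write(st) and not _sticky(st):
            findings.append(f"{current} is writable by others")
        parent_st = st
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # Creating a new entry is allowed in any directory others can write
        # to, sticky or not: this is the classic "plant a config file" case.
        if _others_can_write(parent_st):
            findings.append(f"{path} is absent and could be planted by others")
        return findings
    if st.st_uid not in trusted_uids:
        findings.append(f"{path} is owned by untrusted uid {st.st_uid}")
    elif _others_can_write(st):
        findings.append(f"{path} is writable by others")
    return findings


def demo():
    """Constructed scenario: one clean config path and one plantable path."""
    base = tempfile.mkdtemp(prefix="cwe427-demo-")
    good_dir = os.path.join(base, "etc_ssl")
    os.mkdir(good_dir, 0o755)
    good = os.path.join(good_dir, "openssl.cnf")
    with open(good, "w") as fh:
        fh.write("# constructed openssl.cnf for the demo\n")
    os.chmod(good, 0o644)
    bad_dir = os.path.join(base, "shared")
    os.mkdir(bad_dir)
    os.chmod(bad_dir, 0o777)                     # world-writable, no sticky bit
    bad = os.path.join(bad_dir, "openssl.cnf")   # deliberately never created
    env = {"OPENSSL_CONF": bad}                  # constructed environment
    results = {"base": base}
    for p in candidate_config_paths(env, good):
        results[p] = audit_config_path(p)
    shutil.rmtree(base)
    return results, good, bad


if __name__ == "__main__":
    results, good, bad = demo()
    for p in (bad, good):
        print(p, "->", results[p] or "clean")
```

On a real host, run `audit_config_path` over `candidate_config_paths(os.environ, <your build's OPENSSLDIR>/openssl.cnf)` for the account that runs KeePassXC; an empty result for every element means no untrusted local user can replace or plant the configuration the process will load.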