Description
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. Was ZDI-CAN-29156.
Published: 2026-04-11
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability arises from KeePassXC’s use of OpenSSL. During startup, the application loads the OpenSSL configuration from a location that is not protected by the operating system. This omission allows an attacker who can already execute code at the current user level to supply a configuration file that contains an uncontrolled search path element. The threat model is local; the flaw is a classic CWE‑427 — Uncontrolled Search Path Element.

Affected Systems

Affected installations are those that run the KeePassXC application, specifically the KeePassXC:KeePassXC product family. No version range was specified in the CNA information, but the advisory references indicate that all actively supported releases are susceptible until a patch is released.

Risk and Exploitability

The CVSS score of 7.3 indicates a high‑risk condition. Exploitability requires the attacker to first acquire low‑privilege code execution, which is a prerequisite that reduces the likelihood of remote attacks. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it has not yet been widely exploited. Nevertheless, the combination of a local trusted process and the ability to inject arbitrary code warrants prompt attention.

Generated by OpenCVE AI on April 11, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the KeePassXC project page or GitHub releases for an updated version that addresses the OpenSSL configuration issue, and upgrade as soon as one is available.
  • If a patch cannot be applied immediately, limit the permissions of the directory from which KeePassXC loads its OpenSSL configuration so that only the current user can read or modify the file, and ensure the application is not run with elevated privileges.
  • Verify that the environment variables or command‑line options that set OpenSSL configuration paths point to a secure, user‑owned directory, and remove any references to system‑wide insecure paths.

Generated by OpenCVE AI on April 11, 2026 at 02:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Keepassxc
Keepassxc keepassxc
Vendors & Products Keepassxc
Keepassxc keepassxc

Sat, 11 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
Description KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads configuration from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of KeePassXC when run by a target user on the system. Was ZDI-CAN-29156.
Title KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Keepassxc Keepassxc
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-13T17:40:04.189Z

Reserved: 2026-03-13T20:35:42.678Z

Link: CVE-2026-4158

cve-icon Vulnrichment

Updated: 2026-04-13T17:39:59.814Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-11T01:16:17.620

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-4158

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:52Z

Weaknesses