平台
openssl
组件
openssl
修复版本
2.7.12
CVE-2026-4158 represents a privilege escalation vulnerability affecting OpenSSL configurations within KeePassXC. This flaw allows local attackers to gain elevated privileges by exploiting an unsecured configuration path. The vulnerability impacts KeePassXC versions 2.7.11–2.7.11, and a fix is expected to be released by the vendor.
The primary impact of CVE-2026-4158 is the potential for local privilege escalation. An attacker who can already execute low-privileged code on a system running KeePassXC can exploit this vulnerability to gain higher-level access. This could allow them to read sensitive data stored within KeePassXC databases, modify system configurations, or even execute arbitrary code with the privileges of the KeePassXC process. The unsecured OpenSSL configuration path allows attackers to inject malicious configuration files, effectively hijacking the OpenSSL library's behavior within KeePassXC. This is a significant risk, especially in environments where KeePassXC is used to manage sensitive credentials.
CVE-2026-4158 was publicly disclosed on 2026-04-11. While no public proof-of-concept (PoC) code is currently available, the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Users of KeePassXC who are running version 2.7.11 are particularly at risk. Systems where KeePassXC is used to manage highly sensitive credentials, such as those in regulated industries or government agencies, face a heightened risk. Shared hosting environments where multiple users share the same system and KeePassXC installation are also vulnerable.
• linux / server:
journalctl -f | grep -i openssl
ps aux | grep keepassxc• generic web:
curl -I <keepassxc_url>disclosure
漏洞利用状态
EPSS
0.01% (3% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2026-4158 is to upgrade KeePassXC to a version that incorporates the security fix. Until a patched version is available, consider restricting access to the OpenSSL configuration directory to prevent unauthorized modification. Implement strict file permissions and access controls to limit who can write to the configuration directory. Monitoring system logs for unusual file modifications or access attempts to the OpenSSL configuration directory can also help detect potential exploitation. After upgrade, confirm by verifying the OpenSSL version is updated and re-testing the configuration path access.
Actualice KeePassXC a una versión que utilice una versión parcheada de OpenSSL. Verifique la documentación de KeePassXC para obtener instrucciones específicas sobre cómo actualizar el software. Asegúrese de que la configuración de OpenSSL no permita la lectura de archivos de configuración desde ubicaciones no seguras.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-4158 is a HIGH severity vulnerability in OpenSSL affecting KeePassXC versions 2.7.11–2.7.11. It allows local attackers to escalate privileges by exploiting an unsecured configuration path.
If you are using KeePassXC version 2.7.11, you are potentially affected by this vulnerability. Check your version and upgrade as soon as a patch is available.
The recommended fix is to upgrade KeePassXC to a patched version that addresses the vulnerability. Until a patch is available, restrict access to the OpenSSL configuration directory.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests it could be exploited once a PoC is developed.
Refer to the official KeePassXC website and security advisories for updates and information regarding CVE-2026-4158.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。