cvedb.io
CVE-2022-24986
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2022-02-26T05:15:08.343 · Last modified 2026-06-17T04:32:54.400

Summary

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.

Affected products

kde — kcron

Does this affect you?

Add your gear to cvedb and we'll alert you only when kde ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.