CVE-2018-6791

Name: CVE-2018-6791
Creator: NVD / NIST
Published: 2018-02-07T02:29:01.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.79%

Last modified Jun 17, 2026

CVE-2018-6791 is a vulnerability of currently unknown severity. An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. EPSS estimates a 0.79% chance of exploitation in the next 30 days.

Description

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

Metrics

EPSS Probability

0.79%

51.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Kde	Plasma-Workspace	< 5.12.0
Debian	Debian Linux	9.0

References

https://bugs.kde.org/show_bug.cgi?id=389815Issue Tracking, Vendor Advisory
https://cgit.kde.org/plasma-workspace.git/commit/?id=9db872df82c258315c6ebad800af59e81ffb9212Vendor Advisory
https://www.debian.org/security/2018/dsa-4116Third Party Advisory
https://bugs.kde.org/show_bug.cgi?id=389815Issue Tracking, Vendor Advisory
https://cgit.kde.org/plasma-workspace.git/commit/?id=9db872df82c258315c6ebad800af59e81ffb9212Vendor Advisory
https://www.debian.org/security/2018/dsa-4116Third Party Advisory

Timeline

Published: Feb 7, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-6791?

How severe is CVE-2018-6791?

Severity scoring for CVE-2018-6791 is pending analysis. The EPSS model estimates a 0.79% probability of exploitation in the next 30 days.

How do I fix CVE-2018-6791?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6791?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST