2481425 – CVE-2026-48700 pcmanfm-qt: PCManFM-Qt: Arbitrary code execution via crafted URI [fedora-all]

Bug 2481425 - CVE-2026-48700 pcmanfm-qt: PCManFM-Qt: Arbitrary code execution via crafted URI [fedora-all]

Summary: CVE-2026-48700 pcmanfm-qt: PCManFM-Qt: Arbitrary code execution via crafted U...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pcmanfm-qt
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Zamir SUN
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	{"flaws": ["1ef37e85-d710-4ed0-bae1-a...
Depends On:
Blocks:	CVE-2026-48700
TreeView+	depends on / blocked

Reported:	2026-05-26 11:07 UTC by Keith Grant
Modified:	2026-06-02 11:54 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2026-06-02 11:54:47 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Keith Grant 2026-05-26 11:07:50 UTC

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Zamir SUN 2026-05-27 08:50:36 UTC

Hi Security team,

According to the upstream discussion, this is a security issue in wine not in pcmanfm-qt. So please review and close this ticket.
https://github.com/lxqt/pcmanfm-qt/issues/2163

Comment 2 Keith Grant 2026-06-02 11:54:47 UTC

As stated, vulnerability is not in this component.

Note You need to log in before you can comment on or make changes to this bug.