{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiaotsozkcecsa6c2axig3s74bm2bqhulfvcfqtunrixvpqmptkfny",
"uri": "at://did:plc:6dmfe46c76jjenq3kaxc5eds/app.bsky.feed.post/3mlfrpcpdmei2"
},
"path": "/news/releases/26.04.1/",
"publishedAt": "2026-05-09T04:00:00.000Z",
"site": "https://kdenlive.org",
"tags": [
"NLnet/NGI0 grant",
"Radically Open Security",
"download",
"continue reading on kdenlive.org"
],
"textContent": "The first maintenance release of the 26.04 series is now available, with the usual batch of stability fixes and workflow improvements.\n\nThis release also contains an **important security fix**, so we strongly advise all users to **upgrade** to the latest 26.04.1 version.\n\nThanks to an NLnet/NGI0 grant, we had a security audit provided by Radically Open Security. The audit found one serious vulnerability that can be triggered by opening a malicious project file and allows remote code execution. This is fixed in Kdenlive 26.04.1. Thanks to Edoardo Geraci and Radically Open Security for helping us make our software safer!\n\nWe are not aware of the vulnerability being exploited so far. It is important to understand that **this security issue is about a manipulated .kdenlive project file containing potentially malicious code**. Therefore, it is only relevant **if you open a .kdenlive project file that you received from someone else or downloaded from the internet**. If you are working only with your own projects or with shared projects in collaboration with fully trusted partners, there is no security risk.\n\n**_If you cannot upgrade, do not open a project file that was not created by you._**\n\nAlthough the vulnerability is fixed in 26.04.1, we have also implemented another layer of security checks for the upcoming 26.08.0 to warn the user if some other unexpected input is detected in a project file.\n\nHead to our download section to get the latest binaries, or check the updates from your package manager. Please note that for Linux, only AppImage and Flatpak are supported by the Kdenlive team.\n\nFor the full changelog, continue reading on kdenlive.org.",
"title": "Kdenlive 26.04.1 released"
}