PatchSiren cyber security CVE debrief

CVE-2016-5119 KeePass CVE debrief

CVE-2016-5119 affects KeePass 2.33 and earlier. According to the CVE description and NVD record, the automatic update feature can be abused by a man-in-the-middle attacker who spoofs the version-check response and supplies a crafted update, creating a path to arbitrary code execution. NVD assigns a HIGH severity score of 7.5 and classifies the issue as network-reachable with required user interaction.

Vendor: KeePass
Product: CVE-2016-5119
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-23
Original CVE updated: 2026-05-13
Advisory published: 2017-01-23
Advisory updated: 2026-05-13

Who should care

Organizations and individuals running KeePass 2.33 or earlier, especially where update checks may occur over networks that could be intercepted or altered. Security teams responsible for endpoint software trust chains and patch governance should also care.

Technical summary

The vulnerability is centered on KeePass's automatic update flow. The published description states that a MITM attacker can spoof the version-check response and provide a crafted update, enabling arbitrary code execution. NVD lists affected versions through 2.33, a CVSS v3.0 vector of AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality, integrity and availability impact), and a primary weakness classification of CWE-20 (Improper Input Validation), reflecting that the version-check response is acted on without being authenticated.

Defensive priority

High. The issue can affect software update trust and may allow code execution if a user follows a malicious update path. Prioritize upgrading to a fixed KeePass release and reducing exposure to untrusted network paths.

Recommended defensive actions

  • Upgrade KeePass to a version newer than 2.33.
  • Verify that update checks and downloads use trusted channels and are not intercepted by hostile networks.
  • If immediate upgrading is not possible, disable or restrict automatic update checking until remediation is complete.
  • Monitor endpoints for unexpected update prompts or unexpected software execution associated with KeePass.
  • Use endpoint controls and network protections that reduce the risk of MITM interference on software update traffic.
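As an added illustration of the trust gap behind this CVE (not KeePass's own code, and not from PatchSiren), the following Python models a hardened update-check client: it refuses a version-check response unless it arrived over HTTPS and verifies under a pinned key, and it refuses to act on a downloaded update whose hash differs from the signed manifest. The JSON manifest layout, the `hmac_verifier` stand-in for a real signature scheme, and all URLs are assumptions made for the example.

```python
# Added example: hardened handling of an automatic update check.
# Manifest format, host names and the HMAC stand-in verifier are
# assumptions for illustration, not KeePass internals.
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable
from urllib.parse import urlparse

Verifier = Callable[[bytes, bytes], bool]  # (manifest_bytes, signature) -> ok


@dataclass
class UpdateDecision:
    apply: bool
    reason: str
    download_url: str = ""
    expected_sha256: str = ""


def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.strip().split("."))


def hmac_verifier(pinned_key: bytes) -> Verifier:
    # Stand-in for a public-key signature check; a shipped client would pin a
    # vendor public key instead of a shared secret.
    def verify(data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(hmac.new(pinned_key, data, hashlib.sha256).digest(), sig)
    return verify


def evaluate_version_check(manifest_url: str, manifest: bytes, signature: bytes,
                           verify: Verifier, installed: str) -> UpdateDecision:
    # 1. Transport: a cleartext version check is exactly what a MITM can spoof.
    if urlparse(manifest_url).scheme != "https":
        return UpdateDecision(False, "version check not over https")
    # 2. Authenticity: verify the manifest under the pinned key BEFORE parsing it.
    if not verify(manifest, signature):
        return UpdateDecision(False, "manifest signature invalid")
    try:
        m = json.loads(manifest)
        latest, url, digest = parse_version(m["version"]), m["url"], m["sha256"].lower()
    except (ValueError, KeyError, TypeError, AttributeError):
        return UpdateDecision(False, "malformed manifest")
    # 3. The update download must also be https, and is pinned by the signed hash.
    if urlparse(url).scheme != "https":
        return UpdateDecision(False, "download url not over https")
    if latest <= parse_version(installed):
        return UpdateDecision(False, "already up to date")
    return UpdateDecision(True, "update available", url, digest)


def verify_download(blob: bytes, decision: UpdateDecision) -> bool:
    # 4. Never execute a downloaded update whose hash is not the one that was signed.
    actual = hashlib.sha256(blob).hexdigest()
    return decision.apply and hmac.compare_digest(actual, decision.expected_sha256)
```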

Evidence notes

This debrief is based on the supplied CVE description and NVD metadata. The record states that KeePass 2.33 and earlier are affected, that the automatic update feature can be abused by a man-in-the-middle attacker, and that the attacker can supply a crafted update leading to arbitrary code execution. NVD also provides the CVSS v3.0 vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and lists CWE-20 as the primary weakness. The CVE was published on 2017-01-23 and the NVD record was modified on 2026-05-13.

Official resources

CVE published: 2017-01-23T21:59:01.657Z. NVD modified: 2026-05-13T00:24:29.033Z. This debrief uses only the supplied CVE/NVD metadata and referenced official or third-party links.