https://www.theregister.co.uk/2018/02/12/kde_naming_usb_drive_vuln/ has been fixed, but there are likely many more mount-related bugs. Best not to allow any end-users to mount anything, automatically, ever. The power to mount, is the power to own a system, completely. And it always will be.