CVE-2026-22035

Source
https://nvd.nist.gov/vuln/detail/CVE-2026-22035
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22035.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22035
Related
  • GHSA-7hvw-q8q5-gpmj
Published
2026-01-08T01:15:55.847Z
Modified
2026-01-10T06:15:06.696253Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.

References

Affected packages

Git / github.com/greenshot/greenshot

Affected ranges

Type
GIT
Repo
https://github.com/greenshot/greenshot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Greenshot-RELEASE-1.*

Greenshot-RELEASE-1.2.10.6
Greenshot-RELEASE-1.2.8.12
Greenshot-RELEASE-1.2.8.14
Greenshot-RELEASE-1.2.9.104
Greenshot-RELEASE-1.2.9.112
Greenshot-RELEASE-1.2.9.129

Other

bug/546-admin-install

v1.*

v1.3.105
v1.3.106
v1.3.108
v1.3.151
v1.3.154
v1.3.157
v1.3.178
v1.3.194
v1.3.201
v1.3.202
v1.3.203
v1.3.204
v1.3.205
v1.3.211
v1.3.213
v1.3.218
v1.3.219
v1.3.220
v1.3.223
v1.3.229
v1.3.231
v1.3.234
v1.3.235
v1.3.238
v1.3.239
v1.3.244
v1.3.246
v1.3.249
v1.3.254
v1.3.256
v1.3.258
v1.3.259
v1.3.260
v1.3.261
v1.3.262
v1.3.265
v1.3.270
v1.3.273
v1.3.274
v1.3.275
v1.3.277
v1.3.281
v1.3.284
v1.3.286
v1.3.287
v1.3.288
v1.3.289
v1.3.290
v1.3.291
v1.3.292
v1.3.293
v1.3.294
v1.3.296
v1.3.297
v1.3.298
v1.3.299
v1.3.300
v1.3.301
v1.3.302
v1.3.303
v1.3.304
v1.3.310
v1.3.55
v1.3.57
v1.3.63
v1.3.69
v1.3.71
v1.3.75
v1.3.76

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22035.json"