CVE-2026-25792

Source
https://cve.org/CVERecord?id=CVE-2026-25792
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25792.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25792
Aliases
  • GHSA-f8v9-7fph-fr2j
Published
2026-03-20T10:04:34.752Z
Modified
2026-04-10T05:40:47.814976Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
Details

Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have an untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application’s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25792.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-426"
    ]
}
Affected packages

Git / github.com/greenshot/greenshot

Affected ranges

Type
GIT
Repo
https://github.com/greenshot/greenshot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.312"
        }
    ]
}

Affected versions

Greenshot-RELEASE-1.*
Greenshot-RELEASE-1.2.8.12
Greenshot-RELEASE-1.2.8.14
Other
bug/546-admin-install
v1.*
v1.3.105
v1.3.106
v1.3.108
v1.3.151
v1.3.154
v1.3.157
v1.3.178
v1.3.194
v1.3.201
v1.3.202
v1.3.203
v1.3.204
v1.3.205
v1.3.211
v1.3.213
v1.3.218
v1.3.219
v1.3.220
v1.3.223
v1.3.229
v1.3.231
v1.3.234
v1.3.235
v1.3.238
v1.3.239
v1.3.244
v1.3.246
v1.3.249
v1.3.254
v1.3.256
v1.3.258
v1.3.259
v1.3.260
v1.3.261
v1.3.262
v1.3.265
v1.3.270
v1.3.273
v1.3.274
v1.3.275
v1.3.277
v1.3.281
v1.3.284
v1.3.286
v1.3.287
v1.3.288
v1.3.289
v1.3.290
v1.3.291
v1.3.292
v1.3.293
v1.3.294
v1.3.296
v1.3.297
v1.3.298
v1.3.299
v1.3.300
v1.3.301
v1.3.302
v1.3.303
v1.3.304
v1.3.310
v1.3.311
v1.3.312
v1.3.55
v1.3.57
v1.3.63
v1.3.69
v1.3.71
v1.3.75
v1.3.76

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25792.json"