CVE-2026-22035 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing.…
High CVSS: 7.7

CVE-2026-22035

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.
Vendor
Getgreenshot
Product
Greenshot
CWE
CWE-78
Yayın Tarihi
2026-01-08 01:15:55
Güncelleme
2026-01-27 19:11:58
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Greenshot HIGH Getgreenshot 2026

Referanslar

https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb https://github.com/greenshot/greenshot/releases/tag/v1.3.311 https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj