7.7
CVE-2026-22035
- EPSS 0.9%
- Veröffentlicht 08.01.2026 00:10:28
- Zuletzt bearbeitet 27.01.2026 19:11:58
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getgreenshot ≫ Greenshot Version < 1.3.311
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.9% | 0.548 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 7.7 | 1 | 6 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj
https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb
https://github.com/greenshot/greenshot/releases/tag/v1.3.311