Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.

Basic Information

ID CVE-2026-22035

Source GitHub_M

Published Jan 8, 2026 at 00:10

Affected Product

Vendor greenshot

Product greenshot

Version < 1.3.311

Affected Versions greenshot greenshot < 1.3.311

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.",
    "published": "2026-01-08T00:10:28.278Z",
    "modified": "2026-01-08T00:10:28.278Z",
    "type": "cve",
    "title": "Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin",
    "source": "GitHub_M",
    "references": "https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj\nhttps://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb\nhttps://github.com/greenshot/greenshot/releases/tag/v1.3.311",
    "id": "CVE-2026-22035",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "greenshot greenshot < 1.3.311",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "greenshot",
    "version": "< 1.3.311",
    "vendor": "greenshot",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin_CVE-2026-22035