Back to CVE List

CVE-2026-62294

Vulnerability Description

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through it, overwriting any file the victim user could write. This issue is fixed in version 14.0.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-362
Source
NVD
Vendor
flameshot-org
Product
flameshot

External References

Discussion (0)

Add Comment

No comments yet. Be the first!