Skip to main content

Flameshot

1 CVEs product

Monthly

CVE-2026-62294 MEDIUM PATCH This Month

Flameshot's 'Open With' feature prior to version 14.0.0 contains a TOCTOU (time-of-check to time-of-use) symlink-following race condition that allows a local unprivileged attacker on the same machine to overwrite arbitrary files writable by the victim user. By pre-planting a symlink at the predictable temporary file path before Flameshot writes the screenshot PNG, an attacker can redirect the write operation to any file within the victim's permissions - including configuration files, SSH keys, or application data. No public exploit identified at time of analysis, though the attack is straightforward given the deterministic path; the vendor-confirmed fix is available in v14.0.0.

Race Condition Information Disclosure Flameshot
NVD GitHub
CVSS 4.0
5.1
CVSS 5.1
MEDIUM PATCH This Month

Flameshot's 'Open With' feature prior to version 14.0.0 contains a TOCTOU (time-of-check to time-of-use) symlink-following race condition that allows a local unprivileged attacker on the same machine to overwrite arbitrary files writable by the victim user. By pre-planting a symlink at the predictable temporary file path before Flameshot writes the screenshot PNG, an attacker can redirect the write operation to any file within the victim's permissions - including configuration files, SSH keys, or application data. No public exploit identified at time of analysis, though the attack is straightforward given the deterministic path; the vendor-confirmed fix is available in v14.0.0.

Race Condition Information Disclosure Flameshot
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy