Description

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.

INFO

Published Date :

2026-01-08T00:10:28.278Z

Last Modified :

2026-01-09T04:55:30.975Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22035 vulnerability.

Vendors Products
Greenshot
  • Greenshot
Microsoft
  • Windows
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22035.

URL Resource
https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb cve-icon cve-icon
https://github.com/greenshot/greenshot/releases/tag/v1.3.311 cve-icon cve-icon
https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact