High severity8.8NVD Advisory· Published Apr 15, 2022· Updated Jun 17, 2026
CVE-2022-29281
CVE-2022-29281
Description
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Notable/Notabledescription
Patches
Vulnerability mechanics
References
2- github.com/hmnthabit/Advisories/blob/master/CVE-2022-29281.mdnvdThird Party Advisory
- github.com/notable/notable-insiders/releases/tag/v1.9.0-beta.8nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.