VYPR
Unrated severityOSV Advisory· Published Jul 16, 2026

Debian flameshot: Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, th…

CVE-2026-62294

Description

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through it, overwriting any file the victim user could write. This issue is fixed in version 14.0.0.

Affected products

2
  • v14.0.rc3, v14.0.rc2, v14.0.rc1, …+ 1 more
    • (no CPE)range: v14.0.rc3, v14.0.rc2, v14.0.rc1, …
    • (no CPE)range: <14.0.0

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.

CVE-2026-62294 · VYPR