CVE-2026-25792 - Vulnerability Analysis
MediumCVSS: 6.5Last Updated: March 23, 2026
Greenshot - Untrusted Executable Search Path
Published: March 20, 2026Updated: March 23, 2026PoC Available
Overview
Greenshot <= 1.3.312 contains an untrusted executable search path vulnerability caused by launching explorer.exe without an absolute path, letting local attackers execute arbitrary code by placing malicious executables, exploit requires local access.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Local attackers can execute arbitrary code with the application's privileges, potentially compromising the system.
Mitigation
Update to the latest version once a patch is available.
Related Resources
Details
- CVE ID
- CVE-2026-25792
- Severity
- Medium
- CVSS Score
- 6.5
- Type
- unrestricted_file_upload
- Status
- confirmed
CWE
- CWE-426
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H