Denial of Service Vulnerability in Color Notes by Color Notes App
CVE-2021-47969

8.7HIGH

Key Information:

Vendor: Color-notes
Status: Color Notes
Vendor: CVE Published:; 16 May 2026

🔔 Create Color-notes Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-47969?

Color Notes version 1.4 is susceptible to a denial of service attack. This vulnerability allows an attacker to crash the application by inputting excessively long character strings into note fields. By generating a payload of 350,000 repeated characters and pasting it into a new note twice, an attacker can render the application unresponsive, disrupting user access and functionality.

Affected Version(s)

Color Notes 1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47969 - Proof of Concept

References

https://www.exploit-db.com/exploits/49952

exploit

https://www.vulncheck.com/advisories/color-notes-denial-o...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 16, 2026
👾
Exploit known to exist
May 16, 2026
Vulnerability published
May 16, 2026
Vulnerability Reserved
May 16, 2026

Credit

Geovanni Ruiz

CVE-2021-47969 Data

JSON