Denial of Service Vulnerability in Joplin Note-Taking Application
CVE-2025-57798

5.5 MEDIUM

Key Information:

Vendor

Laurent22

Status
Vendor
CVE Published: 19 May 2026

What is CVE-2025-57798?

Joplin, an open source note-taking application, has a Denial of Service vulnerability caused by improper validation of the length of note title input. An attacker can trigger an Out Of Memory (OOM) error that terminates the application unexpectedly. There are two primary vectors: direct user input, or the local web service API once a user's authentication token has been compromised. When an excessively long string is entered as the note title, either manually or via a crafted HTTP POST request, the application attempts to allocate an unbounded amount of memory. The vulnerability has been addressed in version 3.7.1.

Affected Version(s)

joplin < 3.7.1

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
