Local File Overwrite in Flameshot Screenshot Tool
CVE-2026-62294

5.1MEDIUM

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-62294?

Flameshot, a popular screenshot tool, has a vulnerability related to its Open With feature that can lead to local file overwrite issues. In versions prior to 14.0.0, the application wrote screenshots to a predictable temporary path and was susceptible to symlink attacks. A local unprivileged attacker could exploit this flaw by pre-planting a symlink, allowing them to redirect and overwrite files accessible to the victim user. This vulnerability has been addressed in the latest release, version 14.0.0.

Affected Version(s)

flameshot < 14.0.0

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.