Local File Overwrite in Flameshot Screenshot Tool
CVE-2026-62294
5.1MEDIUM
What is CVE-2026-62294?
Flameshot, a popular screenshot tool, has a vulnerability related to its Open With feature that can lead to local file overwrite issues. In versions prior to 14.0.0, the application wrote screenshots to a predictable temporary path and was susceptible to symlink attacks. A local unprivileged attacker could exploit this flaw by pre-planting a symlink, allowing them to redirect and overwrite files accessible to the victim user. This vulnerability has been addressed in the latest release, version 14.0.0.
Affected Version(s)
flameshot < 14.0.0
