{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T12:57:06.441","vulnerabilities":[{"cve":{"id":"CVE-2026-22035","sourceIdentifier":"security-advisories@github.com","published":"2026-01-08T01:15:55.847","lastModified":"2026-01-27T19:11:58.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311."},{"lang":"es","value":"Greenshot es una utilidad de captura de pantalla de código abierto para Windows. Las versiones 1.3.310 e inferiores son vulnerables a la inyección de comandos del sistema operativo a través del procesamiento de nombres de archivo no saneados. El método FormatArguments en ExternalCommandDestination.cs:269 utiliza string.Format() para insertar nombres de archivo controlados por el usuario directamente en comandos de shell sin saneamiento, lo que permite a los atacantes ejecutar comandos arbitrarios al crear nombres de archivo maliciosos que contienen metacaracteres de shell. Este problema está corregido en la versión 1.3.311."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.311","matchCriteriaId":"964FCC5B-97DF-4775-B17B-8E1FB673B863"}]}]}],"references":[{"url":"https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/greenshot/greenshot/releases/tag/v1.3.311","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory","Exploit"]}]}}]}