CVE-2026-22035

Name of the Vulnerable Software and Affected Versions Greenshot versions 1.3.310 and below

Description Greenshot is a Windows screenshot utility. Versions 1.3.310 and below are susceptible to an OS Command Injection issue due to inadequate sanitization of filenames. The FormatArguments function within the ExternalCommandDestination.cs file (line 269) utilizes string.Format() to incorporate user-provided filenames directly into shell commands without proper sanitization. This allows attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. The issue is addressed in version 1.3.311.

Recommendations Versions prior to 1.3.311 are vulnerable. Update Greenshot to version 1.3.311 or later.