PT-2026-26600 · Greenshot

Mariorl0 · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-25792

CVSS v3.1: 6.5 Medium

Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Greenshot versions 1.3.312 and below

Description

Greenshot is a Windows screenshot utility. Versions 1.3.312 and below contain an untrusted executable search path/binary hijacking issue. A local attacker can execute arbitrary code when the application launches explorer.exe without using an absolute path. The issue is triggered when a user double-clicks the application’s tray icon, opening the directory containing the most recent screenshot. An attacker can place a malicious executable with the same name in a location searched before the legitimate Windows binary, gaining code execution in the application’s context.

Recommendations

Versions prior to 1.3.312 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
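
For developers reviewing their own code for the same weakness, the following added example (not Greenshot's code and not taken from the advisory) shows the bare-name launch pattern the description refers to, in a comment, next to a launch that resolves explorer.exe by absolute path. The class and method names are hypothetical, and the example assumes a .NET application running on Windows.

```csharp
using System;
using System.Diagnostics;
using System.IO;

// Hypothetical helper: opens a folder in Explorer without relying on
// the executable search path.
static class ExplorerLauncher
{
    // Weak pattern (bare file name, left to the search order to resolve):
    //     Process.Start("explorer.exe", folder);

    // Build the absolute path from the Windows directory reported by the OS.
    public static string ResolveExplorerPath()
    {
        string windowsDir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
        string explorer = Path.Combine(windowsDir, "explorer.exe");
        if (!Path.IsPathRooted(explorer) || !File.Exists(explorer))
            throw new FileNotFoundException("explorer.exe not found in the Windows directory", explorer);
        return explorer;
    }

    public static Process OpenFolder(string folder)
    {
        // Normalise the target and refuse anything that is not an existing directory.
        string fullFolder = Path.GetFullPath(folder);
        if (!Directory.Exists(fullFolder))
            throw new DirectoryNotFoundException(fullFolder);

        // Drop trailing separators except on a drive root, so the closing
        // quote of the argument is never preceded by a backslash.
        string root = Path.GetPathRoot(fullFolder);
        if (fullFolder.Length > root.Length)
            fullFolder = fullFolder.TrimEnd(Path.DirectorySeparatorChar);
        string argument = fullFolder.EndsWith("\\") ? fullFolder : "\"" + fullFolder + "\"";

        string explorer = ResolveExplorerPath();
        var startInfo = new ProcessStartInfo
        {
            FileName = explorer,                                  // absolute path, no search
            Arguments = argument,
            UseShellExecute = false,                              // start exactly this file
            WorkingDirectory = Path.GetDirectoryName(explorer)    // not the screenshot folder
        };
        return Process.Start(startInfo);
    }
}
```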

Exploit

Weakness Enumeration

Untrusted Search Path

Related Identifiers

CVE-2026-25792
GHSA-F8V9-7FPH-FR2J

Affected Products

Greenshot
Windows