CVE-2026-25792

Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application’s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/greenshot/greenshot/security/advisories/GHSA-f8v9-7fph-fr2j	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-20 11:18

Updated : 2026-03-23 15:51

NVD link : CVE-2026-25792

Mitre link : CVE-2026-25792

CVE.ORG link : CVE-2026-25792

JSON object : View

Products Affected

getgreenshot

greenshot

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2026-25792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.6}]}, "published": "2026-03-20T11:18:01.753", "references": [{"url": "https://github.com/greenshot/greenshot/security/advisories/GHSA-f8v9-7fph-fr2j", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application\u2019s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication."}, {"lang": "es", "value": "Greenshot es una utilidad de captura de pantalla de c\u00f3digo abierto para Windows. Las versiones 1.3.312 e inferiores tienen una vulnerabilidad de ruta de b\u00fasqueda de ejecutables no confiable / secuestro de binarios que permite a un atacante local ejecutar c\u00f3digo arbitrario cuando la aplicaci\u00f3n de Windows afectada inicia explorer.exe sin usar una ruta absoluta. El comportamiento vulnerable se activa cuando el usuario hace doble clic en el icono de la bandeja de la aplicaci\u00f3n, lo que abre el directorio que contiene la captura de pantalla m\u00e1s reciente capturada por la aplicaci\u00f3n. Al colocar un ejecutable malicioso con el mismo nombre en una ubicaci\u00f3n buscada antes que el binario leg\u00edtimo de Windows, un atacante puede obtener la ejecuci\u00f3n de c\u00f3digo en el contexto de la aplicaci\u00f3n. Este problema no ten\u00eda un parche en el momento de la publicaci\u00f3n."}], "lastModified": "2026-03-23T15:51:14.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B340B100-847F-4824-9932-4C01557EFC42", "versionEndIncluding": "1.3.312"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}