Description
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding.
Published: 2026-05-16
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Color Notes 1.4 is vulnerable to a denial-of-service attack in which an attacker crashes the application by submitting an excessively long string into a note field. The flaw arises from the application's inability to correctly handle extremely large input: a payload of 350,000 repeated characters pasted twice into a new note causes the process to become unresponsive. The result is loss of application availability for users. The flaw is classified as CWE-789.

Affected Systems

The vulnerability exists in Color Notes 1.4 distributed by the Color Notes vendor; no other versions or products are identified in the available data.

Risk and Exploitability

The CVSS score of 8.7 classifies the flaw as high severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. Attackers can invoke the flaw from any UI that accepts new note entry, so the likely attack vector is normal user interaction with the application's note creation interface. An attacker needs only the ability to input data and can trigger the crash without additional privileges or system exploitation.

Generated by OpenCVE AI on May 16, 2026 at 16:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a newer version of Color Notes when a patch is released
  • Implement server‑side input validation that limits the length of note content to a safe threshold (for example, reject any note field larger than 100,000 characters)
  • Configure the application to reject note submissions that exceed the safe character count before processing


Advisories

No advisories yet.

History

Sat, 16 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding.
Title | | Color Notes 1.4 Denial of Service via Long Character String
Weaknesses | | CWE-789
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-16T15:26:10.282Z

Reserved: 2026-05-16T14:29:45.604Z

Link: CVE-2021-47969

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-16T16:16:22.170

Modified: 2026-05-16T16:16:22.170

Link: CVE-2021-47969

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T17:00:13Z

Weaknesses