Description
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26034.
Published: 2026-02-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This flaw resides in the attachment handling code of Xmind and is classified as CWE-356 (Product UI Does Not Warn User of Unsafe Actions). When a user opens an attachment embedded in a map, Xmind does not warn that doing so may perform an unsafe action, so a crafted attachment inside an otherwise ordinary-looking map can run code in the context of the current user. Exploitation requires the victim to open a malicious file or visit a malicious page; once triggered, the attacker's code runs with that user's privileges and can execute commands or install further malware.

Affected Systems

The advisory does not identify affected Xmind versions or a fixed release. Until the vendor publishes version information, treat every Xmind installation that has not received an official update as potentially vulnerable.

Risk and Exploitability

The CVSS v3.0 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: low attack complexity, no privileges required, and full confidentiality, integrity and availability impact within the user's scope. Note that the attack vector is Local (AV:L) even though the title speaks of remote attackers: as with most file-format issues, the attacker delivers a crafted file and the victim has to open it, which the User Interaction: Required (UI:R) metric also captures. The EPSS score is below 1%, indicating a low current probability of exploitation, and the issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog; the SSVC assessment records Exploitation: none, Automatable: no and Technical Impact: total. Once the user opens the crafted file, code runs with that user's privileges, which on a typical workstation means full compromise of the user's data, credentials and sessions.

Generated by OpenCVE AI on April 17, 2026 at 17:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Xmind to the latest release as soon as the vendor publishes a fix for the attachment handling flaw; watch the vendor's release notes, since the advisory lists no fixed version.
  • Until a fix is available, do not open attachments from within maps received from untrusted sources. Where possible, use an application-control or child-process rule to stop the Xmind process launching attachment types that can run code (executables, scripts, shortcuts, installers), and quarantine .xmind files from unknown senders at the mail gateway.
  • Train users to treat .xmind files like any other document attachment: do not open maps or embedded attachments from unknown senders, do not follow links to untrusted pages, and report unexpected prompts or behaviour when opening an attachment.

Generated by OpenCVE AI on April 17, 2026 at 17:07 UTC.
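The second recommended action above asks for unsafe attachment types to be kept away from users. As an added triage helper (not from the OpenCVE page, the ZDI advisory or Xmind itself), the following Python opens an .xmind file and flags embedded attachments whose name carries an extension that the operating system would execute. It assumes, as the page does not state, that the .xmind container is a ZIP archive and that attachments are stored under an attachments/ or resources/ directory inside it; the extension list is a policy choice for this example. The sample map it scans is constructed inline.

```python
import io
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Attachment types that an "open attachment" action would hand to the OS
# to execute. Policy choice for this example, not a list from the advisory.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".msp", ".lnk", ".jar",
    ".dll", ".sh", ".app", ".dmg",
}

# Assumption for this example: attachments live under one of these
# directories inside the ZIP container. Adjust after inspecting a real map.
ATTACHMENT_DIRS = ("attachments", "resources")


def classify_attachments(xmind_bytes):
    """Return (attachments, flagged) for an .xmind archive given as bytes.

    attachments: every archive entry under an attachment directory.
    flagged:     the subset whose name carries an executable extension
                 anywhere in its suffix chain, so 'report.pdf.exe' and
                 'setup.lnk' are both caught, case-insensitively.
    """
    attachments, flagged = [], []
    with zipfile.ZipFile(io.BytesIO(xmind_bytes)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or not path.parts:
                continue
            if path.parts[0] not in ATTACHMENT_DIRS:
                continue
            attachments.append(info.filename)
            if {s.lower() for s in path.suffixes} & EXECUTABLE_EXTENSIONS:
                flagged.append(info.filename)
    return attachments, flagged


def scan_file(path):
    """Scan one .xmind file on disk; returns the same tuple as classify_attachments.
    A file that is not a ZIP container is reported as a flagged entry rather
    than silently skipped, so it still surfaces in a bulk scan."""
    data = Path(path).read_bytes()
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [], ["%s: not a ZIP container" % path]
    return classify_attachments(data)


def build_sample_xmind():
    """Constructed sample archive (not a real Xmind map) mixing benign and
    suspicious attachments plus entries outside the attachment directories."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("content.json", "[]")
        zf.writestr("Thumbnails/thumbnail.png", b"\x89PNG")
        zf.writestr("attachments/meeting-notes.pdf", b"%PDF-1.4")
        zf.writestr("attachments/Quarterly-Report.PDF.EXE", b"MZ")
        zf.writestr("resources/open-me.lnk", b"L\x00\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        found, bad = classify_attachments(build_sample_xmind())
        print("sample: %d attachments, flagged: %s" % (len(found), bad))
    for target in targets:
        found, bad = scan_file(target)
        print("%s: %d attachments, flagged: %s" % (target, len(found), bad))
```

Run it with no arguments to see it flag the two suspicious entries in the constructed sample, or pass one or more .xmind paths (for example, everything in a shared drive or mail quarantine) to inventory what users would be prompted to open. Matching on the whole suffix chain rather than the last extension is deliberate: double-extension names are the usual way an executable is disguised as a document.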

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 15:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Type: First Time appeared
Values removed: (none)
Values added: Xmind; Xmind xmind

Type: Vendors & Products
Values removed: (none)
Values added: Xmind; Xmind xmind

Fri, 20 Feb 2026 22:15:00 +0000

Type: Description
Values removed: (none)
Values added: Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of current user. Was ZDI-CAN-26034.

Type: Title
Values removed: (none)
Values added: Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

Type: Weaknesses
Values removed: (none)
Values added: CWE-356

Type: References
Values removed: (none)
Values added: (none)

Type: Metrics
Values removed: (none)
Values added: cvssV3_0 {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-26T14:44:13.391Z

Reserved: 2026-01-08T22:50:54.343Z

Link: CVE-2026-0777

Vulnrichment

Updated: 2026-02-24T14:53:53.099Z

NVD

Status: Deferred

Published: 2026-02-20T22:16:19.097

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0777

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:15:23Z

Weaknesses