Description
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.
Published: 2026-01-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

Greenshot, an open‑source Windows screenshot utility, contains an OS Command Injection flaw in the ExternalCommand plugin. The FormatArguments method concatenates user-controlled filenames directly into shell commands without sanitization. A crafted filename with shell metacharacters can cause Greenshot to execute arbitrary commands, enabling an attacker to gain local command execution on any system where the vulnerable version runs. The vulnerability maps to CWE‑78 and can compromise both the confidentiality and integrity of the affected system.
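
The pattern described above next to a hardened form, as an added example: this is not Greenshot's code and not the change shipped in 1.3.311. The class, the method names, the allowlist, the `viewer.exe` path and the `--open` template are all hypothetical, and the sample file names are constructed.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Text.RegularExpressions;

// Added illustration, not Greenshot source. Every name below is hypothetical.
static class ExternalCommandExample
{
    // The pattern the advisory describes: the file name is formatted into a
    // command string that a shell later parses, so its characters are syntax.
    static string BuildUnsafe(string template, string filename) =>
        string.Format(template, filename);

    // Assumption: capture names need only letters, digits, space, '.', '_', '-'.
    static readonly Regex SafeName = new Regex(@"\A[\p{L}\p{N} ._-]+\z");

    // Hardened form: allowlist the name, quote the path, and start the program
    // directly (UseShellExecute = false) so no shell interprets the arguments.
    static ProcessStartInfo BuildSafe(string exePath, string template, string filename)
    {
        string ext = Path.GetExtension(exePath);
        // Batch scripts are run through cmd.exe even without a shell, so refuse them.
        if (ext.Equals(".bat", StringComparison.OrdinalIgnoreCase) ||
            ext.Equals(".cmd", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Script targets are not allowed: " + exePath);

        string full = Path.GetFullPath(filename);
        if (!SafeName.IsMatch(Path.GetFileName(full)))
            throw new ArgumentException("Rejected file name: " + Path.GetFileName(full));

        return new ProcessStartInfo
        {
            FileName = exePath,
            Arguments = string.Format(template, "\"" + full + "\""),
            UseShellExecute = false
        };
    }

    static void Main()
    {
        // Constructed sample inputs; the template carries an unquoted {0}.
        var ok = BuildSafe(@"C:\Tools\viewer.exe", "--open {0}", "capture 2026-01-08.png");
        Console.WriteLine(ok.FileName + " " + ok.Arguments);
        try { BuildSafe(@"C:\Tools\viewer.exe", "--open {0}", "a&b.png"); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```

The allowlist is applied to the file name component only; the directory part is covered by the quoting and by the absence of a shell.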

Affected Systems

The flaw affects Greenshot versions 1.3.310 and all earlier releases. Users running these versions on Windows should be aware that unsanitized filenames processed by the ExternalCommand plugin can be used to inject commands.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity level, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. Greenshot is not listed in the CISA Known Exploited Vulnerabilities catalog. The vulnerability can be exploited via local delivery of a malicious file name or by an attacker who can place a specially crafted file in a location that Greenshot processes. Because the flaw requires local execution of Greenshot, the attack vector is most likely local and requires that the user runs the application or that an attacker can influence the file name used during capture.

Generated by OpenCVE AI on April 18, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Greenshot to version 1.3.311 or later, which removes the vulnerable code.
  • Disable or uninstall the ExternalCommand plugin until the official fix is applied.
  • Audit existing screenshot files for maliciously crafted names and delete any that match the pattern of injected command characters.
  • Restrict who can place or modify screenshot files in directories accessed by Greenshot, limiting the exposure of untrusted file names.


Advisories

No advisories yet.

History

Tue, 27 Jan 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Getgreenshot; Getgreenshot greenshot |
| CPEs | | cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:* |
| Vendors & Products | | Getgreenshot; Getgreenshot greenshot |

Thu, 08 Jan 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Thu, 08 Jan 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Greenshot; Greenshot greenshot; Microsoft; Microsoft windows |
| Vendors & Products | | Greenshot; Greenshot greenshot; Microsoft; Microsoft windows |

Thu, 08 Jan 2026 00:30:00 +0000

| Type | Values Removed | Values Added |
| Description | | Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311. |
| Title | | Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin |
| Weaknesses | | CWE-78 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T15:04:55.208Z

Reserved: 2026-01-05T22:30:38.719Z

Link: CVE-2026-22035

Vulnrichment

Updated: 2026-01-08T19:07:47.253Z

NVD

Status: Analyzed

Published: 2026-01-08T01:15:55.847

Modified: 2026-01-27T19:11:58.087

Link: CVE-2026-22035

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:00:05Z

Weaknesses