Bug 2500974 (CVE-2026-62294) - CVE-2026-62294 flameshot: Flameshot: Local file overwrite via time-of-check to time-of-use race condition
Summary: CVE-2026-62294 flameshot: Flameshot: Local file overwrite via time-of-check t...
Keywords:
Status: NEW
Alias: CVE-2026-62294
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2501081
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-15 15:02 UTC by OSIDB Bzimport
Modified: 2026-07-15 19:20 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-15 15:02:54 UTC
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through it, overwriting any file the victim user could write. This issue is fixed in version 14.0.0.


Note You need to log in before you can comment on or make changes to this bug.