CVE-2026-22035

7.7 HIGH

📋 TL;DR

CVE-2026-22035 is a command injection vulnerability in the Greenshot screenshot utility. When a capture (or an opened image) is sent to the External command destination, the file name ends up in the command line Greenshot launches, so a file name crafted with shell metacharacters lets an attacker run arbitrary operating system commands as the user running Greenshot. It affects Windows users of Greenshot 1.3.310 and earlier who use the External command destination feature.

💻 Affected Systems

Products:
  • Greenshot
Versions: 1.3.310 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to trigger via malicious filename, but no special configuration needed.

📦 What is this software?

Greenshot is a free, open-source screenshot tool for Windows that runs as a tray application. Captures are handed to "destinations" (clipboard, file, printer, image editor); the External command destination passes the screenshot file to a user-configured external program such as an image editor.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user running Greenshot. If that user is a local administrator (or Greenshot is run elevated), this is full workstation compromise: malware installation, credential theft and persistence. The flaw itself does not grant SYSTEM; it runs commands in the same context as the Greenshot process.

🟠

Likely Case

Code execution in the interactive user's context, leading to theft of data and cached credentials or tokens from that user's profile, and use of the workstation as a foothold for lateral movement or ransomware deployment.

🟢

If Mitigated

With the External command destination disabled or Greenshot updated, a crafted file name is handled as data and nothing executes. Running Greenshot as a standard (non-admin) user limits what an injected command could reach if the feature is still in use.

🌐 Internet-Facing: LOW - Greenshot is a desktop application and is not exposed to the internet; the attacker's reach is limited to placing a crafted file name where a user will open it (email attachment, download, shared folder).
🏢 Internal Only: HIGH - An attacker with write access to a file share or another user's folders can plant crafted file names and wait for a Greenshot user to send the image to an external command, gaining code execution on that user's workstation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a user to open or save a file whose name contains shell metacharacters and send it to an External command destination; no authentication or elevated privileges are needed, and once that happens the injection itself is trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.311

Vendor Advisory: https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj

Restart Required: Yes (Greenshot stays resident in the tray, so the running instance must be exited and relaunched; a full reboot is not needed)

Instructions:

1. Download Greenshot 1.3.311 or later from the official GitHub releases page.
2. Exit the running Greenshot instance (tray icon > Exit) and uninstall the previous version.
3. Install the new version.
4. Launch Greenshot and confirm the version in the About dialog.

🔧 Temporary Workarounds

Disable External Command Destination

windows

Untick External command under Greenshot's Destinations settings and remove any configured external commands, so no screenshot or opened image can reach the vulnerable code path until the update is applied.

Application Sandboxing

windows

Run Greenshot as a standard user, and only from a throwaway environment such as Windows Sandbox when handling images from untrusted sources. Windows Sandbox discards its state on close, so it is a containment measure for one-off work, not a permanent way to run a daily screenshot tool.

🧯 If You Can't Patch

  • Scan file shares and user download folders for file names containing cmd.exe and PowerShell metacharacters (chiefly '&', '^', '%', '!', ';', '`' and '$'; NTFS already forbids '|', '<', '>' and '"') and quarantine or rename them before users open them in Greenshot.
  • Run Greenshot under a standard user account with no administrative privileges so an injected command inherits as little as possible.
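The share-level check above, as an added example written for this page (it is not code from the Greenshot project). It flags file names that carry characters cmd.exe or PowerShell would interpret if the name were dropped unquoted into a command line. The character set is an assumption based on cmd.exe and PowerShell syntax, restricted to what NTFS actually allows in a name; the scratch folder and its file names are constructed for the demo, and the UNC path in the comment is hypothetical.

```powershell
# Added example, not code from the Greenshot project.
# Finds files whose names contain characters that cmd.exe or PowerShell
# would interpret if the name were inserted unquoted into a command line.
# Assumption: the class below is the cmd.exe/PowerShell token set an attacker
# can place in an NTFS name (NTFS forbids | < > " already, so no check needed).

function Test-UnsafeFileName {
    param([Parameter(Mandatory)][string]$Name)
    # & ^ ! %  : cmd.exe separator, escape, delayed expansion, variable expansion
    # ; ` $    : PowerShell statement separator, escape, variable/subexpression
    return $Name -match '[&^!%;`$]'
}

function Find-UnsafeFileName {
    param([Parameter(Mandatory)][string]$Path)
    # -LiteralPath so a share path containing [ ] is not treated as a wildcard.
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { Test-UnsafeFileName -Name $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed demo: a scratch folder with one benign and two crafted names.
# For a real scan, point $root at a share, e.g. \\fs01\scans (hypothetical).
$root = Join-Path ([IO.Path]::GetTempPath()) ('greenshot-scan-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
foreach ($name in @('meeting-notes.png', 'shot & calc.exe.png', 'x;$(whoami).png')) {
    New-Item -ItemType File -Path $root -Name $name | Out-Null
}

Find-UnsafeFileName -Path $root | Format-Table -AutoSize

Remove-Item -LiteralPath $root -Recurse -Force
```

Run it in a scheduled task against the shares users save screenshots to, and treat any hit as something to rename or quarantine rather than a definite attack: '&' and '%' do appear in legitimate names, but they are the characters a crafted filename for this bug has to use.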

🔍 How to Verify

Check if Vulnerable:

Open the About dialog (right-click the Greenshot tray icon > About Greenshot). If the version is 1.3.310 or lower, the install is vulnerable.

Check Version:

Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object DisplayName -like 'Greenshot*' | Select-Object DisplayName, DisplayVersion

(Greenshot's installer is Inno Setup, not MSI, so wmic / Win32_Product does not list it; wmic is also deprecated. The Uninstall registry entry above is what the installer writes.)

Verify Fix Applied:

After updating, confirm the About dialog shows 1.3.311 or higher and that the greenshot.exe actually running is the new binary: Greenshot stays resident in the tray, so exit it (or sign out and back in) before trusting the version shown.
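A fuller version check covering both the "Check if Vulnerable" and "Verify Fix Applied" steps, added here as an example for this page (not code from the Greenshot project). It reads the Uninstall registry entries in the 64-bit, 32-bit and per-user hives, then also inspects any running greenshot.exe so a portable copy, or a stale instance still loaded after an upgrade, is not missed. It assumes 1.3.311 is the fixed release, as the advisory above states, and that version strings are of the form 1.3.310 or 1.3.310.0.

```powershell
# Added example, not code from the Greenshot project.
# Reports every Greenshot install it can find and flags versions below the fix.
# Assumptions: fixed version 1.3.311 (per the advisory); Greenshot writes a
# normal Uninstall entry (it is not an MSI, so Win32_Product/wmic miss it);
# a portable copy is only visible through its running process.

$script:GreenshotFixedVersion = [version]'1.3.311'

function Test-GreenshotVulnerable {
    param([string]$Version)
    # Accepts '1.3.310' or '1.3.310.0'. Empty or unparseable strings are
    # reported as vulnerable so they get looked at instead of silently passing.
    if ([string]::IsNullOrWhiteSpace($Version)) { return $true }
    try   { return ([version]$Version) -lt $script:GreenshotFixedVersion }
    catch { return $true }
}

function Get-GreenshotInstall {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # @( ) around the pipeline yields an empty array, not $null, when nothing matches.
    $found = @(
        Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Greenshot*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Source     = 'registry'
                    Location   = $_.InstallLocation
                    Version    = $_.DisplayVersion
                    Vulnerable = Test-GreenshotVulnerable -Version $_.DisplayVersion
                }
            }
    )
    # Running instance: catches portable copies and shows which binary is
    # really loaded, since Greenshot stays resident in the tray after an upgrade.
    foreach ($proc in Get-Process -Name greenshot -ErrorAction SilentlyContinue) {
        if (-not $proc.Path) { continue }   # Path is null for processes we cannot query
        $fileVersion = (Get-Item -LiteralPath $proc.Path).VersionInfo.FileVersion
        $found += [pscustomobject]@{
            Source     = 'running process'
            Location   = $proc.Path
            Version    = $fileVersion
            Vulnerable = Test-GreenshotVulnerable -Version $fileVersion
        }
    }
    return $found
}

$installs = Get-GreenshotInstall
if (-not $installs) {
    Write-Output 'Greenshot not found (no Uninstall entry and no running process).'
} else {
    $installs | Format-Table -AutoSize
    if ($installs.Vulnerable -contains $true) {
        Write-Output "At least one Greenshot install is below $($script:GreenshotFixedVersion): update it."
    }
}
```

Run it from an elevated prompt if you want HKLM entries written by other users' installers to be readable, and wrap it in Invoke-Command for fleet-wide checks.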

📡 Detection & Monitoring

Log Indicators:

  • Sysmon event ID 1 (or Security event 4688 with "Include command line in process creation events" enabled, otherwise 4688 carries no command line) showing cmd.exe, powershell.exe, or any process other than the configured external command, with greenshot.exe as the parent process
  • Process creation events whose command line contains a screenshot path followed by a cmd.exe separator such as '&'. NTFS forbids '|', '<' and '>' in file names, so '&' is the token a crafted filename can carry for cmd.exe; ';', '`' and '$(' matter when the configured external command is a PowerShell script

Network Indicators:

  • Unexpected outbound connections from Greenshot process
  • DNS queries to suspicious domains from system running Greenshot

SIEM Query:

Process Creation where (ParentImage endswith 'greenshot.exe' AND CommandLine contains anycase ('&' OR ';' OR '`' OR '$('))

Match on the parent image, not the image: the process of interest is the child Greenshot launched, while Greenshot's own command line never contains the injected name. Tune by excluding the configured external command with its normal argument shape, and consider alerting on any child of greenshot.exe that is not that command.
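The query above expressed as a check that can be run on an endpoint, added here as an example for this page (not code from the Greenshot project). It applies the parent-image and metacharacter logic to a constructed set of Sysmon-style process creation events, and includes a helper that pulls the same fields from the live Sysmon operational log. The sample events are invented for the demo; the regex is the same assumption about cmd.exe and PowerShell tokens used in the query, and the Sysmon log name and EventData field names are the standard Sysmon ones.

```powershell
# Added example, not code from the Greenshot project.
# Flags process creations whose parent is greenshot.exe and whose command line
# carries cmd.exe or PowerShell metacharacters. The sample events below are
# constructed; Get-SysmonProcessCreate reads real Sysmon EID 1 events instead.

function Select-GreenshotSpawn {
    param([Parameter(Mandatory)][object[]]$Event)
    # Match the child Greenshot launched (ParentImage), not Greenshot itself.
    # Metacharacter set is an assumption: '&', ';', '`' and '$(' (NTFS names
    # cannot contain '|', '<' or '>', so those add nothing here).
    $Event | Where-Object {
        $_.ParentImage -match '(?i)\\greenshot\.exe$' -and
        $_.CommandLine -match '[&;`]|\$\('
    }
}

function Get-SysmonProcessCreate {
    # Live source: flatten Sysmon event ID 1 EventData into simple objects.
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Image       = $data['Image']
                ParentImage = $data['ParentImage']
                CommandLine = $data['CommandLine']
            }
        }
}

# Constructed sample events (invented, not real telemetry): Greenshot starting,
# a benign hand-off to an image editor, and a hand-off with an injected '&'.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2026-01-15T10:20:00'
                       Image       = 'C:\Program Files\Greenshot\Greenshot.exe'
                       ParentImage = 'C:\Windows\explorer.exe'
                       CommandLine = '"C:\Program Files\Greenshot\Greenshot.exe"' },
    [pscustomobject]@{ TimeCreated = [datetime]'2026-01-15T10:22:03'
                       Image       = 'C:\Windows\System32\mspaint.exe'
                       ParentImage = 'C:\Program Files\Greenshot\Greenshot.exe'
                       CommandLine = 'mspaint.exe "C:\Users\alice\Pictures\2026-01-15_10-22.png"' },
    [pscustomobject]@{ TimeCreated = [datetime]'2026-01-15T10:25:41'
                       Image       = 'C:\Windows\System32\cmd.exe'
                       ParentImage = 'C:\Program Files\Greenshot\Greenshot.exe'
                       CommandLine = 'cmd.exe /c mspaint.exe C:\Users\alice\Pictures\shot & calc.exe.png' }
)

Select-GreenshotSpawn -Event $sample | Format-Table TimeCreated, Image, CommandLine -AutoSize

# Against the live log (requires Sysmon and rights to read its channel):
# Select-GreenshotSpawn -Event (Get-SysmonProcessCreate)
```

Only the hand-off whose command line contains the cmd.exe separator is selected; Greenshot's own launch fails the parent check and the clean mspaint.exe hand-off fails the metacharacter check. To use Security event 4688 instead, map "New Process Name", "Creator Process Name" and "Process Command Line" onto the same three properties; the command line is present only when the audit policy described under Log Indicators is enabled.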

🔗 References

  • Vendor advisory: https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj
  • Greenshot releases: https://github.com/greenshot/greenshot/releases