CVE-2026-62294: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in flameshot-org flameshot
A race condition vulnerability exists in flameshot prior to version 14.0.0 in the Open With feature. This flaw allows a local unprivileged attacker to pre-plant a symbolic link at a predictable temporary file path, causing Flameshot to overwrite arbitrary files writable by the victim user. The issue is fixed in version 14.0.0.
AI Analysis
Technical Summary
CVE-2026-62294 describes a time-of-check to time-of-use (TOCTOU) race condition in flameshot screenshot software before version 14.0.0. The Open With feature writes screenshots to a predictable temporary path and follows symbolic links without proper synchronization, enabling a local attacker to exploit this race condition by pre-creating a symlink. This can lead to arbitrary file overwrites of any file the victim user has write access to. The vulnerability is categorized under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-377 (Insecure Temporary File).
Potential Impact
A local unprivileged attacker on the same machine can exploit this race condition to overwrite arbitrary files that the victim user can write, potentially leading to data corruption or privilege escalation depending on the victim user's permissions. The CVSS 4.0 score is 5.1 (medium severity), reflecting the local attack vector and required conditions.
Mitigation Recommendations
This vulnerability is fixed in flameshot version 14.0.0. Users should upgrade to version 14.0.0 or later to remediate this issue. No other official remediation or temporary fix information is provided. Patch status is not explicitly confirmed in the vendor advisory, but the description states the issue is fixed in 14.0.0, indicating an official fix is available.
CVE-2026-62294: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in flameshot-org flameshot
Description
A race condition vulnerability exists in flameshot prior to version 14.0.0 in the Open With feature. This flaw allows a local unprivileged attacker to pre-plant a symbolic link at a predictable temporary file path, causing Flameshot to overwrite arbitrary files writable by the victim user. The issue is fixed in version 14.0.0.
CVSS v4.0
Score 5.1medium
Affected software
pkg:github/flameshot-org/flameshotRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-62294 describes a time-of-check to time-of-use (TOCTOU) race condition in flameshot screenshot software before version 14.0.0. The Open With feature writes screenshots to a predictable temporary path and follows symbolic links without proper synchronization, enabling a local attacker to exploit this race condition by pre-creating a symlink. This can lead to arbitrary file overwrites of any file the victim user has write access to. The vulnerability is categorized under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-377 (Insecure Temporary File).
Potential Impact
A local unprivileged attacker on the same machine can exploit this race condition to overwrite arbitrary files that the victim user can write, potentially leading to data corruption or privilege escalation depending on the victim user's permissions. The CVSS 4.0 score is 5.1 (medium severity), reflecting the local attack vector and required conditions.
Mitigation Recommendations
This vulnerability is fixed in flameshot version 14.0.0. Users should upgrade to version 14.0.0 or later to remediate this issue. No other official remediation or temporary fix information is provided. Patch status is not explicitly confirmed in the vendor advisory, but the description states the issue is fixed in 14.0.0, indicating an official fix is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-07-13T18:37:08.488Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a579dd168715ace43e954f6
Added to database: 07/15/2026, 14:48:49 UTC
Last enriched: 07/15/2026, 15:05:43 UTC
Last updated: 07/15/2026, 15:08:22 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.