CVE-2026-50873
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
Version 5.5.4 of flatnotes contains a vulnerability that allows arbitrary file uploads in the attachment handling component. Attackers can exploit this flaw to execute arbitrary code by uploading a crafted HTML or SVG file.
Risk Assessment
This vulnerability poses a significant security risk as it allows attackers to execute remote code, potentially leading to system compromise.
Recommendation
It is recommended to upgrade to the latest version of flatnotes to mitigate this vulnerability and implement additional security measures to prevent unauthorized file uploads.
Original NVD description (English source)
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.

