CVE Catalog

CVE-2026-50873

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

Version 5.5.4 of flatnotes contains a vulnerability that allows arbitrary file uploads in the attachment handling component. Attackers can exploit this flaw to execute arbitrary code by uploading a crafted HTML or SVG file.

Risk Assessment

This vulnerability poses a significant security risk as it allows attackers to execute remote code, potentially leading to system compromise.

Recommendation

It is recommended to upgrade to the latest version of flatnotes to mitigate this vulnerability and implement additional security measures to prevent unauthorized file uploads.

Original NVD description (English source)

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS