NIXPKGS-2026-1671

GitHub issue published on

Permalink CVE-2026-22810

8.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 9 hours ago
@LeSuisse ignored
2 packages
- joplin-cli
- joplin
3 hours ago
@LeSuisse ignored reference https://g… 3 hours ago
@LeSuisse accepted 3 hours ago
@LeSuisse published on GitHub 2 hours ago

Joplin: Path traversal in OneNote importer allows overwriting arbitrary files

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7.