2 matches found
CVE-2026-22810
CVE-2026-22810 affects Joplin prior to 3.5.7, via a path traversal vulnerability in the OneNote importer. The OneNote converter does not sanitize embedded file names when writing attachments, allowing file names containing ../../ to influence the target path and overwrite arbitrary files on disk....
@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...