CVE-2026-62294
Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...