CVE-2026-50873 | THREATINT

Description

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-15 | Updated 2026-06-16 | Assigner mitre

References

gist.github.com/pyuysig/ab0af5b10877fb906941e05a69b202a7 exploit

gist.github.com/pyuysig/ab0af5b10877fb906941e05a69b202a7

cve.org (CVE-2026-50873)

nvd.nist.gov (CVE-2026-50873)

Download JSON