CVE-2026-22810
HIGHDescription
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2026-22810? +
How severe is CVE-2026-22810? +
How do I check if I'm vulnerable to CVE-2026-22810? +
Related Vulnerabilities
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs …
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, …
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller …
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in …