Cyber Posture

CVE-2026-22810

High

Published: 18 May 2026

Published
18 May 2026
Modified
19 May 2026
KEV Added
Patch
CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0002 3.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22810 is a high-severity Path Traversal: '../filedir' (CWE-24) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not…

more

sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-24

References