Platform: windows
Component: joplin
Fixed in: 3.0.4
CVE-2024-53268 is a Remote Code Execution (RCE) vulnerability discovered in Joplin, an open-source note-taking application. The flaw allows attackers to execute arbitrary code on Windows systems because the openExternal function is invoked without proper URI scheme validation. The vulnerability impacts Joplin versions 3.0.2 and earlier, and a fix is available in version 3.0.3. Users are strongly advised to upgrade immediately.
The impact of CVE-2024-53268 is significant, as it enables remote code execution. An attacker could leverage this vulnerability to gain complete control over a vulnerable Windows system. This could involve installing malware, stealing sensitive data (notes, passwords, credentials), or pivoting to other systems on the network. Because URI schemes are not filtered, a malicious link crafted to carry a harmful command could be passed by Joplin to the operating system, leading to code execution. This is particularly concerning given Joplin's use for storing sensitive information.
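To make the mechanism concrete, here is an added example (not Joplin's code and not the project's actual fix) contrasting an unchecked call to Electron's shell.openExternal with a guard that allowlists URI schemes before the call is made. The function names, the allowlist contents and the sample inputs are constructed for illustration, and a stand-in replaces the real shell.openExternal so the snippet runs under plain Node.js.

```javascript
// Added example, not Joplin's code: a scheme-allowlist guard for shell.openExternal.
// Only schemes that hand the URL to a browser or mail client are allowed through;
// everything else (file:, custom app schemes, malformed input) is refused.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Returns true when `input` parses as an absolute URL whose scheme is allowlisted.
function isSafeExternalUrl(input) {
  if (typeof input !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(input);          // throws on relative or malformed input
  } catch {
    return false;
  }
  // WHATWG parsing lowercases the scheme, so 'MAILTO:' is matched as 'mailto:'.
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Vulnerable pattern: whatever the note or link contains goes straight to the OS.
function openExternalUnchecked(openExternal, url) {
  openExternal(url);
  return true;
}

// Hardened pattern: validate in the main process, immediately before openExternal.
function openExternalChecked(openExternal, url) {
  if (!isSafeExternalUrl(url)) {
    return false;                     // refused; the caller may log or warn the user
  }
  openExternal(url);
  return true;
}

// Constructed sample inputs; a fake openExternal records what would reach the OS.
const opened = [];
const fakeOpenExternal = (u) => opened.push(u);
const samples = [
  'https://joplinapp.org/',
  'MAILTO:user@example.com',
  'file:///C:/constructed/path/program.exe',   // constructed placeholder path
  'custom-scheme://constructed-value',
  'not a url',
];
for (const s of samples) openExternalChecked(fakeOpenExternal, s);
console.log(opened);                  // only the https and mailto entries are opened
```

The same guard belongs on every code path that calls shell.openExternal, including links rendered from note content, since a renderer-side check alone can be bypassed by whatever reaches the main process.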
CVE-2024-53268 was publicly disclosed on 2024-11-25. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, combined with the potential impact, suggests that this vulnerability could become a target for attackers, especially given the widespread use of Joplin.
Exploit Status
EPSS: 2.62% (86th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-53268 is to upgrade to Joplin version 3.0.3 or later. As there are no known workarounds, upgrading is the only effective defense. Before upgrading, back up your Joplin data to prevent potential data loss. After upgrading, verify the fix by attempting to open a specially crafted URL containing a malicious URI scheme; Joplin should not execute any code. Consider implementing application whitelisting policies to further restrict the execution of untrusted applications.
Update Joplin to version 3.0.3 or later. This version fixes the remote code execution vulnerability. Download the latest version from the official Joplin website or through your operating system's package manager.
CVE-2024-53268 is a Remote Code Execution vulnerability in Joplin for Windows that allows attackers to execute code by exploiting the lack of URI scheme filtering. It affects versions up to 3.0.2.
Yes, if you are using Joplin on Windows and your version is 3.0.2 or earlier, you are affected by this vulnerability.
Upgrade to Joplin version 3.0.3 or later to resolve this vulnerability. There are no known workarounds.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's potential impact makes it a likely target.
Refer to the official Joplin security advisory on their website or GitHub repository for detailed information and updates.