laurent22 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM laurent22 CVE published 2026-05-19

CVE-2026-34600

CVE-2026-34600 is a medium-severity information-disclosure issue in Joplin’s delta API. In affected versions 3.5.2 and earlier, share recipients could receive delta output that included the latest state of notes even after those notes were no longer shared with them. The issue is tied to how item state is attached during delta generation and how page-based change compression can incorrectly collapse a cre [truncated]

MEDIUM laurent22 CVE published 2026-05-19

CVE-2025-57798

CVE-2025-57798 is a denial-of-service issue in Joplin’s note title input handling. In versions 3.6.14 and earlier, an excessively long title can trigger out-of-memory conditions and terminate the application. The issue can be reached through the UI by a local user, or through Joplin’s local web service API if an attacker has a valid authentication token. The fix is included in Joplin 3.7.1.