7.8
Xmind Can Execute Malicious Code If You Open a Bad File
CVE-2026-0777
Summary
If you open a malicious file in Xmind, an attacker can run code on your computer with your user account's privileges. This can happen if you visit a malicious website or open a file from an untrusted source. The flaw is in attachment handling: when an attachment is opened, Xmind does not warn you about unsafe actions. Only open files and attachments from sources you trust.
Original title
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interacti...
Original description
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26034.
NVD CVSS 3.0
7.8
Vulnerability type
CWE-356
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026