CVE-2021-40531
9.8 CRITICALSketch before 75 allows library feeds to be used to bypass file quarantine
Published: 2021-09-06 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-434
Affected products
| Vendor | Product |
|---|---|
| sketch | sketch |
Description
Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-40531
- [Exploit reference]https://jonpalmisc.com/2021/11/22/cve-2021-40531
- [Patch]https://www.sketch.com/updates/#version-75
- [Exploit reference]https://jonpalmisc.com/2021/11/22/cve-2021-40531
- [Patch]https://www.sketch.com/updates/#version-75
Related CVEs
Same CWE
- CVE-2026-40750 — Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server (9.9 CRITICAL)
- CVE-2026-6933 — The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and inclu... (8.8 HIGH)
- CVE-2026-40772 — Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
- CVE-2026-39591 — Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)
- CVE-2026-39527 — Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)