Joplin 2.6.10 allows remote malicious users to execute system commands through malicious code in user search results.
joplin project joplin 2.6.10