Severity by source
Primary rating from GitHub Advisory · only source for this CVE.
CVSS Vector (GitHub Advisory): CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (GitHub Advisory)
Trilium Notes is a cross-platform, hierarchical note-taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS. The archive combines a payload note (type: code, mime: text/plain) containing raw HTML/JS with a trigger note (type: doc or type: launcher) whose #docName label uses ../ path traversal to point at the payload note's API endpoint, so the payload's raw HTML/JS is loaded and executed in the client (XSS). The desktop client's Electron renderer runs with nodeIntegration enabled, so once the payload script executes it has Node.js access and RCE follows. This vulnerability is fixed in 0.102.2.
Analysis (AI-generated)
The TriliumNext Trilium Notes desktop client prior to 0.102.2 allows an attacker to achieve arbitrary code execution by tricking a user into importing a malicious ZIP archive with safe import enabled. The flaw chains a #docName path traversal (CWE-22) with stored XSS, and the Electron renderer's nodeIntegration=true setting elevates the XSS into full host RCE. …
Vulnerability Assessment (AI-generated)
| Area | Assessment |
|---|---|
| Exploitation | Exploitation requires the victim to use the Trilium desktop (Electron) client at a version below 0.102.2, to import an attacker-supplied ZIP archive through the application's Import feature with safe import enabled, and to subsequently navigate to or trigger the malicious launcher/doc note whose #docName label contains a ../ path-traversal sequence pointing at a payload code note (type: code, mime: text/plain) carrying raw HTML/JavaScript. … |
| Risk Assessment | Signals are mixed and require careful interpretation. … |
| Exploit Scenario | An attacker shares what appears to be a useful Trilium knowledge-base archive (e.g., a research notes export) with the victim via email, chat, or a forum. The victim opens Trilium and uses Import with safe import enabled; the archive plants a payload code note containing JavaScript and a launcher/doc note whose #docName label traverses (../) to the payload's API endpoint, executing the script in the Electron renderer with Node.js privileges and yielding shell access on the victim's host. |
| Remediation | Upgrade to Trilium 0.102.2 or later, which is the vendor-released patch confirmed in the GitHub Security Advisory GHSA-9jjc-cccq-f6rh (https://github.com/TriliumNext/Trilium/security/advisories/GHSA-9jjc-cccq-f6rh). … |
Recommended Action (AI-generated)
Within 24 hours: scan the environment to identify all TriliumNext Trilium Notes installations prior to version 0.102.2; send an urgent notification advising users to avoid importing ZIP files from untrusted sources and to defer optional imports until patched. …
EUVD-2026-33376