onenote_parser CVE-2026-46671
MEDIUMSeverity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionGitHub Advisory
Impact
A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parse_notebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without validating that they are relative paths confined to that directory.
The parser will bail out when the target file fails to parse as a OneNote section, so direct content exfiltration through the parser's return value is not practical, though file-existence probing and denial-of-service via large or special files remain possible.
Anyone using onenote_parser to parse .onetoc2 files received from untrusted sources is affected. Users who only ever parse their own notebooks are not at meaningful risk.
Patches
Fixed in onenote_parser 1.1.1. The fix rejects absolute paths, parent-directory components, and other invalid path characters in entry names, and additionally canonicalises the resolved path to confirm it stays inside the notebook's base directory.
Workarounds
For users who cannot upgrade to 1.1.1:
- Only call
Parser::parse_notebookon.onetoc2files from trusted sources. - Alternatively, use
Parser::parse_section/Parser::parse_section_bufferon individual .one files, which do not perform the directory walk.
AnalysisAI
Path traversal in the Rust crate onenote_parser (versions before 1.1.1) enables an attacker who supplies a malicious .onetoc2 notebook table-of-contents file to direct Parser::parse_notebook to open arbitrary files on the host filesystem outside the intended notebook directory. While direct content exfiltration is constrained by the parser aborting when a target file fails to parse as a OneNote section, file-existence probing and denial-of-service via large or special files (e.g., named pipes, device nodes) remain viable attack outcomes. No public exploit has been identified and no confirmed active exploitation exists; vendor-released patch version 1.1.1, published 2026-05-15, resolves the issue.
Technical ContextAI
The onenote_parser Rust crate (pkg:rust/onenote_parser) implements parsing of Microsoft OneNote formats, including .onetoc2 table-of-contents files that enumerate section file entry names. The vulnerable Parser::parse_notebook function reads these entry names and appended them directly to the notebook's base directory path using PathBuf::push() without any validation that the result remained within that directory - a textbook CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) root cause. An attacker could supply entry names containing absolute paths (e.g., /etc/passwd), parent-directory components (../), or other traversal sequences to redirect the parser to arbitrary filesystem locations. The fix in commit c9267b2c96e2542be7e7b557d67318e81b733585 introduces a dedicated resolve_entry_path function that rejects absolute paths and ParentDir, RootDir, and Prefix path components, applies sanitise-file-name crate validation to each filename component, and then canonicalizes both the base directory and resolved candidate path to confirm via starts_with() that the result is genuinely contained within the notebook directory.
RemediationAI
Upgrade to onenote_parser 1.1.1, available on crates.io and confirmed via the CHANGELOG at https://github.com/msiemens/onenote.rs/blob/master/CHANGELOG.md#111---2026-05-15 and the fix commit at https://github.com/msiemens/onenote.rs/commit/c9267b2c96e2542be7e7b557d67318e81b733585. For users who cannot immediately upgrade: restrict Parser::parse_notebook calls to .onetoc2 files from verified trusted sources only, eliminating the untrusted-input attack surface with no functional trade-off for trusted-source use cases. Alternatively, replace notebook-level parsing with direct calls to Parser::parse_section or Parser::parse_section_buffer on individual .one files - these functions do not perform the directory walk and are unaffected by this vulnerability, but this workaround requires application-level refactoring and foregoes automatic notebook structure discovery via .onetoc2. Vendor advisory: https://github.com/msiemens/onenote.rs/security/advisories/GHSA-4j5m-wc25-pvh7.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-4j5m-wc25-pvh7