Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (CSP), this allows a malicious plugin to execute arbitrary JavaScript in the privileged host context, potentially gaining unauthorized access to filesystem APIs. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.
AnalysisAI
Logseq's plugin sandbox can be escaped by a malicious plugin that injects arbitrary HTML event handler attributes into its host DOM container element, executing JavaScript in the privileged Electron renderer context. The attack is enabled by a disabled Content Security Policy in the host context, which removes the browser-level barrier that would otherwise block inline event handler execution. Only v0.10.15 has been confirmed vulnerable by CERT-PL; no patch has been released, and the vulnerability status of all other versions remains unknown. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog.
Technical ContextAI
Logseq is a local-first, Electron-based knowledge management application that supports third-party plugins running inside sandboxed iframes to isolate them from the host environment. The vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation - Cross-site Scripting) arises because the application fails to sanitize or restrict which HTML attributes plugin content can inject into its container element in the host DOM. A plugin can therefore inject JavaScript event handlers such as onmouseover or onclick directly into the host DOM tree. Critically, the Logseq host context operates without a Content Security Policy, meaning there is no browser-enforced restriction preventing these injected inline event handlers from executing. Once triggered by user interaction with the affected DOM element, the injected JavaScript runs in the Electron renderer's privileged context, where Logseq's filesystem APIs and potentially Node.js integration are accessible. The affected CPE is cpe:2.3:a:logseq:logseq:*:*:*:*:*:*:*:*, though only v0.10.15 has been empirically confirmed vulnerable.
RemediationAI
No vendor-released patch has been identified at time of analysis. As the most direct compensating control, users should disable all third-party Logseq plugins immediately if sensitive local data is accessible - this eliminates the attack vector entirely but removes all plugin functionality as a trade-off. For users who require plugins, restricting usage strictly to plugins with audited, publicly available source code significantly reduces exposure, since the attack requires the attacker to control plugin code. Users should monitor https://logseq.com/ and the Logseq GitHub repository for a patch release addressing the missing Content Security Policy and the attribute injection pathway. Organizations should audit their plugin inventory and remove any plugins from unknown or unverified authors pending a vendor fix. The CERT-PL advisory at https://cert.pl/en/posts/2026/06/CVE-2026-9279/ should be tracked for updates on patch availability.
Arbitrary file read, write, and delete in the Logseq Electron desktop knowledge-management application is possible when
Command injection in Logseq desktop application enables remote code execution via shell metacharacter abuse in IPC-expos
Stored XSS in Logseq's plugin subsystem escalates to arbitrary code execution within the privileged Electron host contex
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35438
GHSA-jm26-ghmc-7c2w