Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin), can read, write, or delete arbitrary files on the user's system. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.
AnalysisAI
Arbitrary file read, write, and delete in the Logseq Electron desktop knowledge-management application is possible when an attacker can execute JavaScript inside the renderer process, because the preload script exposes an IPC bridge method that omits path validation. Version 0.10.15 has been confirmed vulnerable by CERT-PL, and because no patch was released the status of other releases is unverified. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Technical ContextAI
Logseq is built on Electron, which separates a sandboxed Chromium renderer from a privileged Node.js main process. The two communicate via Electron's IPC channel, and a preload script defines which main-process functions the renderer is allowed to call. CWE-749 (Exposed Dangerous Method or Function) applies here: the preload script (contextBridge) registers an API that forwards calls to filesystem IPC handlers in the main process without canonicalising or constraining the supplied path. Because the main process runs with the full privileges of the user account, any path the renderer supplies - including paths outside the Logseq graph directory - is honoured for read, write, or delete operations, breaking the renderer/main trust boundary that Electron's context isolation is supposed to enforce.
RemediationAI
No vendor-released patch identified at time of analysis, so no fixed version can be cited. Until Logseq publishes a build that path-validates the exposed IPC method, the practical compensating controls are: avoid installing third-party Logseq plugins or audit any plugin source before loading it (trade-off: loses extensibility, which is a core Logseq value proposition); do not import untrusted markdown, HTML, or PDF content into graphs, since stored XSS in note rendering is the most likely renderer-foothold vector; run Logseq under a dedicated low-privilege OS account or inside a sandbox such as Firejail or Flatpak with restricted filesystem access so that arbitrary-file operations cannot reach the user's SSH keys, browser profiles, or shell rc files (trade-off: complicates graph storage paths and sync setups); and monitor https://logseq.com/ and the CERT-PL advisory at https://cert.pl/en/posts/2026/06/CVE-2026-9279/ for a patched release.
Command injection in Logseq desktop application enables remote code execution via shell metacharacter abuse in IPC-expos
Logseq's plugin sandbox can be escaped by a malicious plugin that injects arbitrary HTML event handler attributes into i
Stored XSS in Logseq's plugin subsystem escalates to arbitrary code execution within the privileged Electron host contex
Same weakness CWE-749 – Exposed Dangerous Method or Function
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35436
GHSA-jq3m-h4m5-r9j5