Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.
AnalysisAI
Stored XSS in Logseq's plugin subsystem escalates to arbitrary code execution within the privileged Electron host context due to unsanitized innerHTML rendering of plugin metadata. When a user installs a malicious plugin whose package.json 'name' field contains a JavaScript payload, the payload executes with Electron's elevated privileges - a context in which Node.js APIs are accessible, making the effective impact closer to local code execution than a conventional browser-scoped XSS. Reported by CERT-PL, version v0.10.15 is confirmed vulnerable, no patch exists, and no public exploit has been identified at time of analysis.
Technical ContextAI
Logseq is an Electron-based, open-source knowledge management and note-taking application (CPE: cpe:2.3:a:logseq:logseq:*:*:*:*:*:*:*:*). As an Electron application, its renderer process operates with access to Node.js APIs unless contextIsolation and sandbox restrictions are rigorously enforced. The vulnerability is rooted in CWE-79 (Improper Neutralization of Input During Web Page Generation - Stored XSS): the plugin loader reads the 'name' field from a third-party plugin's package.json manifest and injects it directly into the DOM via innerHTML without sanitizing or encoding the value. In a standard browser this would be sandboxed XSS, but because Logseq's renderer retains privileged host context (typical of Electron apps that have not fully sandboxed their renderer), JavaScript executing there can invoke Node.js system APIs, elevating the impact to code execution on the host operating system.
RemediationAI
No vendor-released patch has been identified at time of analysis; the CERT-PL reporter confirmed this issue was not addressed by a patch. Until a fix is released, the primary compensating control is to install only plugins from sources you explicitly trust, preferably auditing the plugin's package.json 'name' field manually before installation to confirm it contains no HTML or JavaScript constructs. Users and organizations should disable or restrict the Logseq plugin feature entirely if third-party plugins are not a business requirement - this eliminates the attack surface at the cost of losing plugin functionality. Security-conscious Logseq deployments should also monitor for Logseq updates at https://logseq.com/ and track the CERT-PL advisory at https://cert.pl/en/posts/2026/06/CVE-2026-9279/ for patch availability. Electron-specific hardening (enabling contextIsolation and sandbox in the renderer) would be the appropriate developer-side fix, but this must be implemented by the Logseq maintainers and cannot be applied by end users.
Arbitrary file read, write, and delete in the Logseq Electron desktop knowledge-management application is possible when
Command injection in Logseq desktop application enables remote code execution via shell metacharacter abuse in IPC-expos
Logseq's plugin sandbox can be escaped by a malicious plugin that injects arbitrary HTML event handler attributes into i
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35437
GHSA-fff3-7r5v-99cq