Skip to main content

Tidgi Desktop

1 CVEs product

Monthly

CVE-2026-14722 npm MEDIUM POC This Month

Code injection in TidGi-Desktop up to version 0.13.0 allows remote attackers to execute arbitrary code through the application's Git Repository Import feature, specifically within the sub-wiki loading worker. The flaw resides in `src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts`, where externally-sourced Git repository content is processed without adequate code-injection safeguards (CWE-94). A public exploit has been disclosed and referenced via the GitHub security advisory GHSA-9hc2-hjx8-q6pv, though no CISA KEV listing exists at time of analysis.

Code Injection RCE Tidgi Desktop
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Code injection in TidGi-Desktop up to version 0.13.0 allows remote attackers to execute arbitrary code through the application's Git Repository Import feature, specifically within the sub-wiki loading worker. The flaw resides in `src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts`, where externally-sourced Git repository content is processed without adequate code-injection safeguards (CWE-94). A public exploit has been disclosed and referenced via the GitHub security advisory GHSA-9hc2-hjx8-q6pv, though no CISA KEV listing exists at time of analysis.

Code Injection RCE Tidgi Desktop
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy