CVE-2026-35593
Deferred Deferred - Pending Action
Local File Inclusion in Trilium Notes

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: GitHub, Inc.

Description
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileToAttachment function, which is called when a POST request is received to /api/attachments/{attachmentId}/upload-modified-file, replaces the content of the attachment with the content from another file (whose path is provided in filePath of Request body). After which the content of the attachment can be viewed at /api/attachments/{attachmentId}/download. This exposes sensitive system files such as SSH keys, credentials, configs, and OS files, potentially leading to remote code execution and compromise of co-hosted applications. This issue has been fixed in version 0.102.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-09
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-35593
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trilium trilium_notes to 0.102.2 (exc)
trilium trilium_notes From 0.102.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-35593 is a Local File Inclusion (LFI) vulnerability in Trilium Notes versions 0.102.1 and prior. It allows an authenticated attacker to read arbitrary sensitive files from the server's filesystem.

The vulnerability exists in the uploadModifiedFileToAttachment function, which processes POST requests to /api/attachments/{attachmentId}/upload-modified-file. This function replaces the content of an attachment with the content of a file specified by the attacker via the filePath parameter in the request body.

After the replacement, the attacker can download the modified attachment from /api/attachments/{attachmentId}/download, thereby accessing sensitive files such as SSH keys, credentials, configuration files, and operating system files.

This vulnerability can lead to further compromise, including potential remote code execution and exposure of data from other applications hosted on the same server.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive system files such as SSH keys, credentials, and configuration files.

An attacker with authenticated access can exploit this flaw to read arbitrary files on the server, potentially leading to remote code execution.

Such exploitation can compromise the entire server and any co-hosted applications, resulting in data breaches, loss of confidentiality, and system integrity issues.

Detection Guidance

This vulnerability can be detected by monitoring for POST requests to the endpoint /api/attachments/{attachmentId}/upload-modified-file or /api/attachments/{attachmentId}/upload-modified-file that include a filePath parameter in the request body. Such requests may indicate attempts to replace attachment content with arbitrary files from the server filesystem.

To detect exploitation attempts on your system, you can use network monitoring tools or web server logs to look for suspicious POST requests targeting these endpoints with unusual file paths.

Example commands to search web server logs for suspicious activity might include:

  • grep -i 'POST /api/attachments/' /var/log/nginx/access.log | grep 'upload-modified-file'
  • grep -i 'filePath' /var/log/nginx/access.log

Additionally, inspecting application logs for POST requests containing filePath parameters or unusual file paths can help identify exploitation attempts.

Mitigation Strategies

The immediate and most effective mitigation step is to upgrade Trilium Notes to version 0.102.2 or later, where this vulnerability has been fixed.

Until the upgrade can be performed, restrict access to the vulnerable API endpoints to trusted users only, as the attack requires authentication and high privileges.

Implement strict input validation and sanitization on the filePath parameter, enforcing whitelists for allowed file paths to prevent arbitrary file inclusion.

Monitor logs for suspicious POST requests to the affected endpoints and respond promptly to any detected exploitation attempts.

Compliance Impact

The vulnerability allows an authenticated attacker to read sensitive arbitrary files from the server's filesystem, including SSH keys, credentials, configuration files, and other sensitive system files. This exposure of sensitive data could lead to unauthorized access and potential compromise of co-hosted applications.

Such unauthorized disclosure of sensitive information may result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized access.

Therefore, if exploited, this vulnerability could lead to violations of confidentiality requirements mandated by these regulations, potentially resulting in legal and financial consequences for affected organizations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35593. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart