CVE-2026-35593
Local File Inclusion in Trilium Notes
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trilium | trilium_notes | to 0.102.2 (exc) |
| trilium | trilium_notes | From 0.102.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35593 is a Local File Inclusion (LFI) vulnerability in Trilium Notes versions 0.102.1 and prior. It allows an authenticated attacker to read arbitrary sensitive files from the server's filesystem.
The vulnerability exists in the uploadModifiedFileToAttachment function, which processes POST requests to /api/attachments/{attachmentId}/upload-modified-file. This function replaces the content of an attachment with the content of a file specified by the attacker via the filePath parameter in the request body.
After the replacement, the attacker can download the modified attachment from /api/attachments/{attachmentId}/download, thereby accessing sensitive files such as SSH keys, credentials, configuration files, and operating system files.
This vulnerability can lead to further compromise, including potential remote code execution and exposure of data from other applications hosted on the same server.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized access to sensitive system files such as SSH keys, credentials, and configuration files.
An attacker with authenticated access can exploit this flaw to read arbitrary files on the server, potentially leading to remote code execution.
Such exploitation can compromise the entire server and any co-hosted applications, resulting in data breaches, loss of confidentiality, and system integrity issues.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the endpoint /api/attachments/{attachmentId}/upload-modified-file that include a filePath parameter in the request body. Such requests may indicate attempts to replace attachment content with arbitrary files from the server filesystem.
To detect exploitation attempts on your system, you can use network monitoring tools or web server logs to look for suspicious POST requests targeting these endpoints with unusual file paths.
Example commands to search web server logs for suspicious activity might include:
- `grep -i 'POST /api/attachments/' /var/log/nginx/access.log | grep 'upload-modified-file'`
- `grep -i 'filePath' /var/log/nginx/access.log`
Additionally, inspecting application logs for POST requests containing filePath parameters or unusual file paths can help identify exploitation attempts.
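The following is an added example, not part of the advisory or of Trilium itself, that runs the detection described above over constructed nginx access-log lines (combined log format is assumed). It flags POSTs to the upload-modified-file endpoint and, because the advisory describes the attacker then fetching the attachment, correlates a later download of the same attachment by the same client. Note that a default access log records only the request line, not the POST body, so a `filePath` match in the access log is unlikely; the endpoint itself is the reliable signal unless the application logs request bodies.

```javascript
// Added example (not Trilium project code): scan nginx access-log lines for the
// request sequence this advisory describes. Combined log format is assumed.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+/;
const UPLOAD_RE = /^\/api\/attachments\/([^/]+)\/upload-modified-file$/;
const DOWNLOAD_RE = /^\/api\/attachments\/([^/]+)\/download$/;

// Parse one combined-format line into its fields; returns null on lines that do not match.
function parseLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4].split('?')[0], status: m[5] };
}

// Returns one finding per upload-modified-file POST, plus a second finding when the
// same client later downloads the same attachment (the read-back step of the attack).
function findSuspiciousSequences(lines) {
  const pendingUploads = new Set(); // "ip|attachmentId" pairs seen as uploads
  const findings = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    const up = e.method === 'POST' && UPLOAD_RE.exec(e.path);
    if (up) {
      findings.push({ kind: 'upload-modified-file', ip: e.ip, attachmentId: up[1], time: e.time, status: e.status });
      pendingUploads.add(`${e.ip}|${up[1]}`);
      continue;
    }
    const down = e.method === 'GET' && DOWNLOAD_RE.exec(e.path);
    if (down && pendingUploads.has(`${e.ip}|${down[1]}`)) {
      findings.push({ kind: 'upload-then-download', ip: e.ip, attachmentId: down[1], time: e.time, status: e.status });
    }
  }
  return findings;
}

// Constructed sample lines (not real traffic); IPs and attachment ids are invented.
const SAMPLE_LOG = [
  '10.0.0.5 - - [20/May/2026:10:01:02 +0000] "GET /api/notes/abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.7 - - [20/May/2026:10:02:10 +0000] "POST /api/attachments/att9f2/upload-modified-file HTTP/1.1" 200 43 "-" "curl/8.0"',
  '10.0.0.7 - - [20/May/2026:10:02:11 +0000] "GET /api/attachments/att9f2/download HTTP/1.1" 200 1675 "-" "curl/8.0"',
  '10.0.0.9 - - [20/May/2026:10:03:00 +0000] "GET /api/attachments/att001/download HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

for (const f of findSuspiciousSequences(SAMPLE_LOG)) console.log(JSON.stringify(f));
```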
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation step is to upgrade Trilium Notes to version 0.102.2 or later, where this vulnerability has been fixed.
Until the upgrade can be performed, restrict access to the vulnerable API endpoints to trusted users only, as the attack requires authentication and high privileges.
Implement strict input validation and sanitization on the filePath parameter, enforcing whitelists for allowed file paths to prevent arbitrary file inclusion.
Monitor logs for suspicious POST requests to the affected endpoints and respond promptly to any detected exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated attacker to read sensitive arbitrary files from the server's filesystem, including SSH keys, credentials, configuration files, and other sensitive system files. This exposure of sensitive data could lead to unauthorized access and potential compromise of co-hosted applications.
Such unauthorized disclosure of sensitive information may result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized access.
Therefore, if exploited, this vulnerability could lead to violations of confidentiality requirements mandated by these regulations, potentially resulting in legal and financial consequences for affected organizations.