CVE-2026-39309
TCC Bypass via Prompt Spoofing in Trilium Notes
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trilium_notes | trilium_notes | < 0.102.2 (all releases up to but excluding 0.102.2) |
| trilium_notes | trilium_notes | 0.102.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information: the user interface does not properly represent critical information to the user, allowing the information, or its source, to be obscured or spoofed. This is often a component in phishing attacks. |
| CWE-290 | Authentication Bypass by Spoofing: this attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39309 is a vulnerability in the Trilium Notes desktop app (versions 0.102.1 and prior) that lets a local attacker bypass macOS's Transparency, Consent, and Control (TCC) mechanism by prompt spoofing.
The root cause is that the Electron `RunAsNode` fuse was left enabled in the shipped build. With that fuse on, setting the environment variable `ELECTRON_RUN_AS_NODE=1` makes the app's main executable behave as a plain Node.js runtime, so `"<app binary>" -e '<script>'` runs arbitrary JavaScript in a process that carries Trilium Notes's code-signing identity, and therefore its TCC identity and permissions.
Because macOS attributes TCC decisions to the responsible signed application rather than to the script it happens to be running, any protected resource the attacker's code touches produces a permission prompt that names Trilium Notes, not the attacker.
This can trick users into granting sensitive permissions such as access to the camera, microphone, screen, and protected folders like Documents and Downloads; anything the user has already granted to Trilium Notes is usable by the attacker's code without any prompt at all.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with local access to gain unauthorized access to sensitive macOS resources protected by TCC, including the camera, microphone, screen, and important user folders.
Because the permission prompts appear to come from the trusted Trilium Notes app, users may be tricked into granting these permissions, leading to potential privacy breaches.
This undermines macOS's security model and UI integrity through social engineering, potentially exposing confidential information or enabling surveillance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The weakness is the `RunAsNode` fuse, which is enabled in Trilium Notes builds before 0.102.2 and lets anyone who can run a process as your user execute arbitrary Node.js code under the app's identity. Detection therefore has two parts: confirm whether the installed build is affected, and look for signs that the app binary has been used as a Node runtime.
Check the installed version from the app bundle itself rather than from the shell:
- Read `CFBundleShortVersionString` from the bundle, for example `/usr/libexec/PlistBuddy -c 'Print CFBundleShortVersionString' '/Applications/Trilium Notes.app/Contents/Info.plist'` (adjust the bundle path to where the app is installed), or open the app's About dialog. Anything below 0.102.2 is affected.
- Read the fuse state directly with `npx @electron/fuses read --app '/Applications/Trilium Notes.app'`; if it reports `RunAsNode` as enabled, the bypass works whatever the version string says.
- Look for the Trilium Notes executable launched with `-e`/`--eval` or with `ELECTRON_RUN_AS_NODE` in its environment, which is how the Node mode is entered: `ps -eo pid,ppid,command | grep -i trilium` lists the processes, and on macOS `ps -E -p <pid>` shows a process's environment (other users' processes require root).
- An instance of the app whose parent is a shell, a script interpreter or another application rather than launchd (Dock or Finder launches) is unusual for a GUI app and worth a closer look.
Since the attack needs code execution as the user plus a click on the spoofed prompt, also watch the TCC subsystem in the unified log for requests attributed to the app (`log stream --predicate 'subsystem == "com.apple.TCC"'`) and review the grants recorded for the app in the per-user TCC database at `~/Library/Application Support/com.apple.TCC/TCC.db`, which is readable only by a process holding Full Disk Access.
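The checks above, collected into one script. This is an added example, not code from the Trilium project or the advisory. It assumes the default bundle path `/Applications/Trilium Notes.app` with the usual electron-builder layout (`Contents/Info.plist`, `Contents/MacOS/Trilium Notes`, `Contents/Frameworks/Electron Framework.framework/Electron Framework`), and it decodes the `@electron/fuses` V1 wire format as the author of this example understands it: the sentinel string, one version byte, one count byte, then one state byte per fuse, `RunAsNode` being fuse 0; cross-check the fuse result against `npx @electron/fuses read` if in doubt. The two `SAMPLE_*_WIRE` blobs are constructed test data, not bytes from a real binary. `probe_run_as_node` is the live test and launches the app binary, so run it only where that is acceptable.

```python
"""Static checks for CVE-2026-39309 exposure on a macOS Trilium Notes install.

Added example: not code from the Trilium project or the advisory. Assumes
the electron-builder bundle layout and the @electron/fuses V1 wire format;
APP_BUNDLE is an assumed default, adjust it for your install.
"""
import os
import plistlib
import re
import subprocess

APP_BUNDLE = "/Applications/Trilium Notes.app"              # ASSUMPTION: default path
APP_BINARY = os.path.join(APP_BUNDLE, "Contents", "MacOS", "Trilium Notes")  # ASSUMPTION
FIXED_VERSION = (0, 102, 2)                                  # first release with the fix

# Fuse wire layout written by @electron/fuses (FuseVersion.V1): the sentinel,
# one byte wire version ("1"), one byte fuse count, then one byte per fuse
# where "0" = disabled, "1" = enabled, "r" = removed. RunAsNode is fuse 0.
FUSE_SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
FUSE_V1_RUN_AS_NODE = 0
FUSE_STATE = {0x30: "disabled", 0x31: "enabled", 0x72: "removed"}

# Constructed samples (not taken from a real binary): eight V1 fuses, with
# RunAsNode on (vulnerable build) or off (fixed build); fuses 1 and 5 are on.
SAMPLE_VULNERABLE_WIRE = b"\x00\x00" + FUSE_SENTINEL + b"1" + bytes([8]) + b"11000100" + b"\x00"
SAMPLE_FIXED_WIRE = b"\x00\x00" + FUSE_SENTINEL + b"1" + bytes([8]) + b"01000100" + b"\x00"


def parse_version(text):
    """'0.102.1' -> (0, 102, 1); a non-numeric suffix such as '-beta' is dropped."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def bundle_version(plist_path):
    """CFBundleShortVersionString from Info.plist (plistlib reads XML and binary)."""
    with open(plist_path, "rb") as fh:
        return plistlib.load(fh)["CFBundleShortVersionString"]


def is_vulnerable_version(version):
    return parse_version(version) < FIXED_VERSION


def read_fuse_states(binary):
    """Decode {fuse_index: state} from the fuse wire embedded in an Electron binary."""
    pos = binary.find(FUSE_SENTINEL)
    if pos < 0:
        raise ValueError("fuse sentinel not found: not an Electron binary?")
    pos += len(FUSE_SENTINEL)
    wire_version, count = binary[pos], binary[pos + 1]
    if wire_version != 0x31:
        raise ValueError(f"unsupported fuse wire version {wire_version:#x}")
    wire = binary[pos + 2:pos + 2 + count]
    return {i: FUSE_STATE.get(b, f"unknown({b:#x})") for i, b in enumerate(wire)}


def run_as_node_enabled(binary):
    return read_fuse_states(binary).get(FUSE_V1_RUN_AS_NODE) == "enabled"


def probe_run_as_node(app_binary=APP_BINARY, timeout=5):
    """Live check. With RunAsNode on, ELECTRON_RUN_AS_NODE=1 turns the app into
    plain Node and it prints its Node version; a fixed build ignores the
    variable and starts the GUI instead, which the timeout cuts short."""
    env = dict(os.environ, ELECTRON_RUN_AS_NODE="1")
    try:
        proc = subprocess.run([app_binary, "-e", "process.stdout.write(process.versions.node)"],
                              env=env, capture_output=True, timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return False
    return proc.returncode == 0 and proc.stdout.strip() != b""


def assess(app_bundle=APP_BUNDLE):
    """Version and fuse state for one install; {'installed': False} if absent."""
    info = os.path.join(app_bundle, "Contents", "Info.plist")
    framework = os.path.join(app_bundle, "Contents", "Frameworks",
                             "Electron Framework.framework", "Electron Framework")
    if not os.path.isfile(info):
        return {"installed": False}
    version = bundle_version(info)
    with open(framework, "rb") as fh:
        fuse_on = run_as_node_enabled(fh.read())
    return {"installed": True, "version": version,
            "vulnerable_version": is_vulnerable_version(version),
            "run_as_node_fuse_enabled": fuse_on}


if __name__ == "__main__":
    print(assess())
```

The fuse check matters more than the version string: a build that reports 0.102.2 but still has `RunAsNode` enabled would be just as exposed, and a downgraded or sideloaded copy can carry any version string. `assess` is deliberately static (it only reads files); `probe_run_as_node` is the same step an attacker performs, so treat a Node version on stdout as confirmation rather than repeating it on many machines.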
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Trilium Notes to version 0.102.2 or later, where this vulnerability has been fixed.
An end user cannot disable the `RunAsNode` fuse on an installed, signed app: flipping a fuse rewrites bytes in the Electron Framework binary and invalidates the code signature, so the change belongs in the build. Developers packaging Electron apps should turn `RunAsNode` off with `@electron/fuses` at package time, before signing (the related `EnableNodeOptionsEnvironmentVariable` and `EnableNodeCliInspectArguments` fuses deserve the same treatment unless a feature needs them); these fuses exist for development and debugging and have no place in a production build. Until the upgrade is done, the realistic interim controls are limiting who can run code as the logged-in user and reviewing what the app has been granted.
Treat any unexpected macOS permission prompt naming Trilium Notes with suspicion, especially one that appears while the app is not in the foreground or was not doing anything that touches the resource named; deny it, and revoke grants you do not recognise in System Settings > Privacy & Security or with `tccutil reset <Service> <bundle-id>`.
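To see what the app has actually been granted (the grants a spoofed prompt would have produced, and the ones attacker code could already use without any prompt), the following added example lists the `access` rows for one client in the TCC database. It is not code from the project or the advisory. It reads the per-user TCC database, which needs Full Disk Access for the terminal running it; `TRILIUM_CLIENT` is a placeholder and must be replaced with the `CFBundleIdentifier` from the app's Info.plist; the `kTCCService*` names are the real TCC service identifiers for the resources the advisory mentions; `constructed_db` is sample data made up for the example, with only the columns the script reads, not a copy of a real TCC.db.

```python
"""List TCC grants held by one client (bundle identifier) on macOS.

Added example, not part of the advisory or the Trilium project. Reading the
real per-user TCC.db requires Full Disk Access; TRILIUM_CLIENT is an
assumption and must be replaced with the app's CFBundleIdentifier.
"""
import datetime
import os
import pathlib
import sqlite3

USER_TCC_DB = os.path.expanduser("~/Library/Application Support/com.apple.TCC/TCC.db")
TRILIUM_CLIENT = "com.example.trilium"   # ASSUMPTION: take CFBundleIdentifier from Info.plist

# TCC service identifiers for the resources the advisory names.
SENSITIVE_SERVICES = {
    "kTCCServiceCamera",
    "kTCCServiceMicrophone",
    "kTCCServiceScreenCapture",
    "kTCCServiceSystemPolicyDocumentsFolder",
    "kTCCServiceSystemPolicyDownloadsFolder",
}
# auth_value encoding used by TCC.db on macOS 11 and later.
AUTH_VALUE = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}


def open_user_tcc_db(path=USER_TCC_DB):
    """Open the real database read-only; the URI form keeps sqlite from writing."""
    return sqlite3.connect(pathlib.Path(path).as_uri() + "?mode=ro", uri=True)


def grants_for_client(conn, client):
    """(service, decision, last_modified ISO-8601 UTC) for every row of client."""
    rows = conn.execute(
        "SELECT service, auth_value, last_modified FROM access "
        "WHERE client = ? ORDER BY last_modified",
        (client,),
    ).fetchall()
    return [
        (service, AUTH_VALUE.get(value, str(value)),
         datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).isoformat())
        for service, value, ts in rows
    ]


def suspicious_grants(conn, client):
    """Allowed grants on a sensitive service: review each one and, if it is
    unexpected, revoke it with `tccutil reset <Service> <bundle-id>`."""
    return [g for g in grants_for_client(conn, client)
            if g[0] in SENSITIVE_SERVICES and g[1] == "allowed"]


def constructed_db():
    """In-memory stand-in for TCC.db with the columns this script reads,
    filled with constructed rows (not data taken from a real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, "
                 "auth_value INTEGER, auth_reason INTEGER, last_modified INTEGER)")
    conn.executemany(
        "INSERT INTO access (service, client, client_type, auth_value, auth_reason, "
        "last_modified) VALUES (?, ?, 0, ?, 2, ?)",
        [
            ("kTCCServiceCamera", TRILIUM_CLIENT, 2, 1_800_000_000),
            ("kTCCServiceSystemPolicyDocumentsFolder", TRILIUM_CLIENT, 0, 1_800_000_100),
            ("kTCCServiceAppleEvents", TRILIUM_CLIENT, 2, 1_800_000_200),
            ("kTCCServiceMicrophone", "com.example.other", 2, 1_800_000_300),
        ],
    )
    return conn


if __name__ == "__main__":
    db = open_user_tcc_db() if os.path.isfile(USER_TCC_DB) else constructed_db()
    for service, decision, when in grants_for_client(db, TRILIUM_CLIENT):
        flag = "  <-- review" if (service, decision) in {(s, "allowed") for s in SENSITIVE_SERVICES} else ""
        print(f"{when}  {service:45} {decision}{flag}")
```

The `last_modified` column is the useful pivot: a camera or screen-recording grant whose timestamp does not line up with a moment you remember approving it is exactly what a spoofed prompt would leave behind. System-wide grants (Full Disk Access, for instance) live in `/Library/Application Support/com.apple.TCC/TCC.db` and need root to read; the query is the same.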
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows local attackers to bypass macOS's permission controls and gain unauthorized access to sensitive resources such as the camera, microphone, and protected user folders. Such unauthorized access to personal and sensitive data could lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information.
By undermining the security model and enabling social engineering attacks that trick users into granting permissions, the vulnerability increases the risk of data breaches and unauthorized data processing, potentially impacting compliance with privacy and security requirements in these regulations.
Therefore, organizations using affected versions of Trilium Notes may face increased compliance risks until the vulnerability is remediated by updating to version 0.102.2 or later.