CVE-2026-39311
Deferred Deferred - Pending Action
Remote Code Execution in Trilium Notes via SVG

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: GitHub, Inc.

Description
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a publicly reachable backend execution API results in an unauthenticated Remote Code Execution (RCE). The vulnerability arises from an insecure-by-design architecture: Trilium serves SVG attachments with the image/svg+xml MIME type without any sanitization, and it explicitly disables Helmet's Content Security Policy middleware, removing the primary defense against script execution in served assets. Because the malicious SVG runs under the Same-Origin Policy, it can issue a fetch('/') to extract the csrfToken from the document body. With that token, it can send a signed request to /api/script/exec to execute arbitrary Node.js code on the server. An attacker can compromise the entire server instance simply by tricking an authenticated user into viewing a shared SVG attachment. The issue has been fixed in version 0.102.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-08
NVD
CVE-2026-39311
EUVD
EUVD-2026-31173
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trilium trilium to 0.102.2 (exc)
trilium trilium 0.102.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Trilium Notes allows unauthenticated remote code execution, which can lead to full server compromise and potential data exfiltration.

Such a security flaw can impact compliance with common standards and regulations like GDPR and HIPAA because unauthorized access or data breaches may violate requirements for protecting personal and sensitive information.

Specifically, the risk of data exfiltration and lateral movement within the network could lead to exposure of protected data, undermining confidentiality and integrity mandates.

Executive Summary

CVE-2026-39311 is a vulnerability in Trilium Notes versions prior to 0.102.2 where unsanitized SVG attachments are served without proper validation. The application disables its Content Security Policy (CSP), which normally helps prevent script execution. Because of this, a malicious SVG file containing JavaScript can execute under the Same-Origin Policy when viewed by a user.

This malicious script can extract a CSRF token from the page and use it to send a request to a backend API endpoint (/api/script/exec) that allows execution of arbitrary Node.js code on the server. This leads to unauthenticated remote code execution (RCE), potentially compromising the entire server.

Impact Analysis

This vulnerability can have a high impact, including full server compromise. An attacker can execute arbitrary code on the server, which may lead to data exfiltration, unauthorized access to sensitive information, or lateral movement within the network.

The attack requires tricking an authenticated user into viewing a malicious SVG attachment, but once exploited, it can result in significant damage to the affected system and its data.

Detection Guidance

This vulnerability can be detected by checking if your Trilium Notes installation is running a version prior to 0.102.2, as these versions contain the critical flaw.

You can also inspect if SVG attachments are served without sanitization and if the Content Security Policy (CSP) middleware is disabled.

To detect potential exploitation attempts, monitor for unusual requests to the `/api/script/exec` endpoint, which is used to execute arbitrary Node.js code.

Suggested commands include:

  • Check Trilium version: `trilium --version` or verify the installed package version.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze HTTP requests targeting `/api/script/exec`.
  • Search server logs for requests to `/api/script/exec` or for suspicious activity involving SVG attachments.
Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Trilium Notes to version 0.102.2 or later, where the issue has been fixed.

Until the upgrade can be performed, restrict access to the Trilium backend, especially the `/api/script/exec` endpoint, to trusted users only.

Additionally, avoid opening or viewing SVG attachments from untrusted sources to prevent triggering the exploit.

Implement network-level controls or web application firewalls to block or monitor suspicious requests targeting the vulnerable API.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart