CVE-2026-45668
Remote Code Execution in Trilium Notes via ZIP Import
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trilium_notes | trilium_notes | to 0.102.2 (exc) |
| triliumnext | trilium | to 0.102.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution on your machine if you import a malicious note file.
- Attackers can execute arbitrary code, potentially gaining full control over your system.
- Confidentiality, integrity, and availability of your data and system can be compromised.
- It can lead to unauthorized access, data theft, or system disruption.
Can you explain this vulnerability to me?
CVE-2026-45668 is a critical vulnerability in Trilium Notes versions before 0.102.2 that allows remote code execution (RCE) through a specially crafted ZIP archive imported with safe import enabled.
The attack involves two notes inside the ZIP: a payload note containing raw HTML/JavaScript (mime type text/plain) and a trigger note with a #docName label that uses path traversal (e.g., ../) to point to the payload note's API endpoint.
Because the Electron renderer runs with nodeIntegration enabled, when the payload note is loaded, the malicious code executes, leading to RCE on the victim's machine.
Safe import fails to properly sanitize the docName label and the text/plain content, enabling this exploit.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves importing a malicious ZIP archive containing specially crafted notes that exploit path traversal and XSS to achieve remote code execution. Detection would focus on monitoring for suspicious ZIP archive imports into Trilium Notes, especially those containing notes with #docName labels using ../ path traversal sequences.
Since the vulnerability exploits the import of malicious notes, you can detect attempts by scanning for ZIP files imported into Trilium Notes and inspecting their contents for notes with docName labels containing path traversal patterns like "../" or "../../".
Suggested commands might include:
- Extract ZIP files imported into Trilium Notes and search for path traversal in note labels: unzip suspicious_file.zip -d extracted_folder && grep -r "../" extracted_folder
- Monitor application logs for import events and check for unusual or failed imports.
- Use file integrity monitoring to detect unexpected changes in note files or API endpoints.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Trilium Notes to version 0.102.2 or later, where this vulnerability is fixed.
Until the upgrade can be applied, avoid importing ZIP archives from untrusted or unknown sources, especially those containing notes with potentially malicious content.
Additionally, disable or restrict the use of safe import features if possible, and monitor for suspicious import activity.