CVE-2026-47901
Deferred Deferred - Pending Action
Sandbox Escape via CSP Bypass in Logseq

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: CERT.PL

Description
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (CSP), this allows a malicious plugin to execute arbitrary JavaScript in the privileged host context, potentially gaining unauthorized access to filesystem APIs. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-09
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-47901
EUVD
EUVD-2026-35438
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
logseq logseq to 0.10.15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Logseq involves a sandbox escape flaw where plugins running inside sandboxed iframes can inject arbitrary HTML attributes, including event handlers, into their container element within the host DOM.

Because the Content Security Policy (CSP) is disabled, a malicious plugin can exploit this to execute arbitrary JavaScript code in the privileged host context.

This allows the attacker to potentially gain unauthorized access to filesystem APIs, which should normally be restricted.

Impact Analysis

The vulnerability can allow a malicious plugin to execute arbitrary JavaScript code with elevated privileges in the host environment.

This could lead to unauthorized access to filesystem APIs, potentially exposing or modifying sensitive files on the user's system.

Such unauthorized access can compromise the confidentiality and integrity of user data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47901. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart