CVE-2026-45668 Overview
CVE-2026-45668 affects Trilium Notes, a cross-platform hierarchical note-taking application used for building personal knowledge bases. Versions prior to 0.102.2 are vulnerable to remote code execution through a crafted ZIP archive imported with safe import enabled. The flaw combines path traversal [CWE-22] and cross-site scripting to execute arbitrary code in the desktop Electron renderer, which runs with nodeIntegration enabled. The vulnerability is fixed in version 0.102.2.
Critical Impact
Importing a malicious ZIP archive into Trilium Notes triggers RCE on the desktop client through path traversal and XSS in an Electron renderer with nodeIntegration enabled.
Affected Products
- Trilium Notes desktop client versions prior to 0.102.2
- Installations with safe import enabled
- Electron-based deployments where nodeIntegration is enabled in the renderer
Discovery Timeline
- 2026-05-29 - CVE-2026-45668 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-45668
Vulnerability Analysis
The vulnerability chains two issues into a single exploit path during ZIP import. An attacker crafts an archive containing two cooperating notes. The first is a payload note of type code with mime text/plain that carries raw HTML and JavaScript. The second is a trigger note of type doc or type launcher that includes a #docName label.
The #docName label accepts a path string that the application resolves without sufficient validation. By embedding ../ sequences, the label points to the payload note's API endpoint. When the trigger note is rendered, the resolved content is loaded inline, executing the raw HTML and JavaScript from the payload note.
The desktop client runs the Electron renderer with nodeIntegration enabled. Injected JavaScript therefore has direct access to Node.js APIs such as require('child_process'), converting an XSS primitive into full code execution under the user's account.
Root Cause
The root cause is improper limitation of a pathname to a restricted directory [CWE-22] in the handling of the #docName label. The import routine trusts user-supplied path components inside the ZIP archive and does not normalize or constrain them before resolving the API endpoint. Combined with an Electron configuration that exposes Node.js to renderer content, path traversal escalates from data disclosure to arbitrary code execution.
Attack Vector
Exploitation requires the victim to import a malicious ZIP archive with safe import enabled. The attacker delivers the archive through social engineering, a shared workspace, or a backup-restore workflow. No authentication to a remote service is required because the attack executes locally within the victim's Trilium client. User interaction is required to initiate the import.
See the GitHub Security Advisory GHSA-9jjc-cccq-f6rh for the technical write-up.
Detection Methods for CVE-2026-45668
Indicators of Compromise
- ZIP archives containing notes with #docName label values that include ../ sequences
- Notes of type code with mime text/plain that carry raw HTML or <script> payloads
- Trigger notes of type doc or launcher referencing payload note API endpoints
- Unexpected child processes spawned by the Trilium Electron renderer process
Detection Strategies
- Inspect imported ZIP archives for note metadata containing path traversal tokens in label fields
- Alert on process creation where the parent is the Trilium Electron binary and the child is a shell, scripting interpreter, or LOLBin
- Monitor file writes and outbound network connections originating from the Trilium renderer process immediately following an import action
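A scanner for the first detection strategy above (path traversal tokens in label fields) together with the text/plain code-note indicator, added here as an example and not part of the advisory or of Trilium itself. It assumes a Trilium-style export whose !!!meta.json manifest is laid out as the comment describes; the archive it builds for testing is constructed and inert.

```python
import io, json, posixpath, zipfile

# Constructed assumption (not in the advisory): the export carries a "!!!meta.json"
# manifest; "files" entries have title/type/mime/dataFileName/attributes/children.

def docname_escapes(value: str) -> bool:
    """True if a #docName value would leave its base directory once resolved."""
    v = value.replace("\\", "/")
    if any(m in v.lower() for m in ("%2e%2e", "..%2f", "..%5c")):
        return True                       # percent-encoded dot-dot, decoded late
    norm = posixpath.normpath(v)          # collapses "a/../../b" to "../b"
    return v.startswith("/") or norm == ".." or norm.startswith("../")

def _walk(notes):
    for note in notes:
        yield note
        yield from _walk(note.get("children", []))

def scan_archive(data: bytes) -> list[str]:
    """Return one finding per CVE-2026-45668 indicator present in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = json.loads(zf.read("!!!meta.json"))
        for note in _walk(meta.get("files", [])):
            title = note.get("title", "?")
            for attr in note.get("attributes", []):
                if (attr.get("type"), attr.get("name")) == ("label", "docName") \
                        and docname_escapes(str(attr.get("value", ""))):
                    findings.append(f"{title}: #docName escapes its directory: {attr['value']!r}")
            if note.get("type") == "code" and note.get("mime") == "text/plain":
                body = zf.read(note["dataFileName"]).decode("utf-8", "replace").lower()
                if "<script" in body or "javascript:" in body:
                    findings.append(f"{title}: markup/script inside a text/plain code note")
    return findings

def build_sample() -> bytes:
    """Constructed fixture: an inert payload note, a trigger note and a benign note."""
    meta = {"formatVersion": 2, "files": [
        {"title": "payload", "type": "code", "mime": "text/plain",
         "dataFileName": "payload.txt", "attributes": []},
        {"title": "trigger", "type": "doc", "mime": "text/html", "attributes": [
            {"type": "label", "name": "docName", "value": "../../api/notes/payload"}]},
        {"title": "benign", "type": "doc", "mime": "text/html", "attributes": [
            {"type": "label", "name": "docName", "value": "launchbar/help"}]},
    ]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("!!!meta.json", json.dumps(meta))
        zf.writestr("payload.txt", "<script>/* constructed marker, no code */</script>")
    return buf.getvalue()
```

Run scan_archive over a real export before importing it; the benign note shows that a plain relative docName is not flagged, so the check can gate imports without blocking ordinary launcher documents.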
Monitoring Recommendations
- Log all ZIP import operations in Trilium and capture the source path of each archive
- Correlate Electron renderer telemetry with endpoint process trees to detect renderer-to-shell transitions
- Track Trilium client version inventory across endpoints to identify hosts still running versions earlier than 0.102.2
How to Mitigate CVE-2026-45668
Immediate Actions Required
- Upgrade all Trilium Notes desktop and server installations to version 0.102.2 or later
- Do not import ZIP archives from untrusted sources until the upgrade is complete
- Audit recent imports for notes containing #docName labels with ../ path components and remove suspicious entries
Patch Information
The vulnerability is fixed in Trilium Notes 0.102.2. The fix is published in the GitHub Security Advisory GHSA-9jjc-cccq-f6rh. Apply the patched release from the official TriliumNext repository and restart the desktop client to ensure the renderer loads the updated code.
Workarounds
- Disable safe import functionality until the patched version is deployed
- Restrict ZIP imports to archives sourced from trusted authors and verified channels
- Run the Trilium client under a least-privilege user account to limit the blast radius of renderer compromise
- Where feasible, isolate the Trilium desktop client on hardened endpoints separated from sensitive workloads
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.