CVE-2026-39309: CWE-451: User Interface (UI) Misrepresentation of Critical Information in TriliumNext Trilium
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the identity of the trusted app. The root cause is that the RunAsNode fuse allows launching the app in a special Node.js mode using -e to execute arbitrary system commands with Trilium Notes's permissions and identity. An attacker can leverage this through a subprocess to request any sensitive permissions, such as access to hardware (camera, microphone) and TCC-protected files, causing the TCC system prompt to appear as if the request came from Trilium rather than the attacker's code, because macOS treats the subprocess as part of the parent application. Exploitation allows access to TCC-protected resources like the screen, camera, microphone, and folders such as ~/Documents and ~/Downloads, undermining macOS's security model and UI integrity through social engineering. This issue has been fixed in version 0.102.2.
AI Analysis
Technical Summary
Trilium Notes, a cross-platform note-taking application, has a vulnerability (CVE-2026-39309) in versions prior to 0.102.2 where the Electron configuration allows local attackers to bypass macOS Transparency, Consent, and Control (TCC) protections via prompt spoofing. The root cause is the RunAsNode fuse feature that permits launching the app in a Node.js mode with the ability to execute arbitrary system commands using the -e flag. Attackers can leverage this to spawn subprocesses that request sensitive permissions, causing macOS to display permission prompts as if they originate from Trilium, thereby misleading users. This can lead to unauthorized access to TCC-protected resources such as screen recording, camera, microphone, and user folders. The vulnerability has a CVSS 3.1 score of 5.5 (medium severity) and was addressed in Trilium version 0.102.2.
Potential Impact
Exploitation allows local attackers to trick users into granting sensitive macOS permissions by displaying spoofed system prompts that appear to come from the trusted Trilium application. This can result in unauthorized access to protected hardware (camera, microphone) and files (Documents, Downloads), compromising user privacy and security. The integrity of macOS's UI security model is undermined, facilitating social engineering attacks.
Mitigation Recommendations
This vulnerability is fixed in Trilium version 0.102.2. Users should upgrade to version 0.102.2 or later to remediate this issue. No additional vendor advisory or patch links are provided, but upgrading to the fixed version is the recommended action.
CVE-2026-39309: CWE-451: User Interface (UI) Misrepresentation of Critical Information in TriliumNext Trilium
Description
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the identity of the trusted app. The root cause is that the RunAsNode fuse allows launching the app in a special Node.js mode using -e to execute arbitrary system commands with Trilium Notes's permissions and identity. An attacker can leverage this through a subprocess to request any sensitive permissions, such as access to hardware (camera, microphone) and TCC-protected files, causing the TCC system prompt to appear as if the request came from Trilium rather than the attacker's code, because macOS treats the subprocess as part of the parent application. Exploitation allows access to TCC-protected resources like the screen, camera, microphone, and folders such as ~/Documents and ~/Downloads, undermining macOS's security model and UI integrity through social engineering. This issue has been fixed in version 0.102.2.
CVSS v3.1
Score 5.5medium
Affected software
pkg:github/triliumnext/TriliumRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Trilium Notes, a cross-platform note-taking application, has a vulnerability (CVE-2026-39309) in versions prior to 0.102.2 where the Electron configuration allows local attackers to bypass macOS Transparency, Consent, and Control (TCC) protections via prompt spoofing. The root cause is the RunAsNode fuse feature that permits launching the app in a Node.js mode with the ability to execute arbitrary system commands using the -e flag. Attackers can leverage this to spawn subprocesses that request sensitive permissions, causing macOS to display permission prompts as if they originate from Trilium, thereby misleading users. This can lead to unauthorized access to TCC-protected resources such as screen recording, camera, microphone, and user folders. The vulnerability has a CVSS 3.1 score of 5.5 (medium severity) and was addressed in Trilium version 0.102.2.
Potential Impact
Exploitation allows local attackers to trick users into granting sensitive macOS permissions by displaying spoofed system prompts that appear to come from the trusted Trilium application. This can result in unauthorized access to protected hardware (camera, microphone) and files (Documents, Downloads), compromising user privacy and security. The integrity of macOS's UI security model is undermined, facilitating social engineering attacks.
Mitigation Recommendations
This vulnerability is fixed in Trilium version 0.102.2. Users should upgrade to version 0.102.2 or later to remediate this issue. No additional vendor advisory or patch links are provided, but upgrading to the fixed version is the recommended action.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-06T19:31:07.265Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0cfde2ba1db47362fd9f0d
Added to database: 05/20/2026, 00:18:42 UTC
Last enriched: 05/20/2026, 00:33:32 UTC
Last updated: 07/07/2026, 10:33:23 UTC
Views: 105
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.