CVE-2026-45668: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in TriliumNext Trilium
CVE-2026-45668 is a critical path traversal and cross-site scripting (XSS) vulnerability in Trilium Notes versions prior to 0. 102. 2. A malicious ZIP archive imported with safe import enabled can exploit this flaw by using a specially crafted #docName label to perform directory traversal and access a payload note containing raw HTML/JavaScript. Because the desktop client uses Electron with nodeIntegration enabled, executing this payload results in remote code execution (RCE). This vulnerability has a CVSS 4. 0 score of 9. 3 and is fixed in version 0. 102. 2.
AI Analysis
Technical Summary
Trilium Notes, a hierarchical note-taking application, suffers from a path traversal vulnerability (CWE-22) combined with cross-site scripting (CWE-79) in versions before 0.102.2. When importing a malicious ZIP archive with safe import enabled, an attacker can craft a #docName label that uses '../' path traversal to point to a payload note containing raw HTML/JavaScript code. The Electron desktop client runs with nodeIntegration enabled, allowing this payload to execute with elevated privileges, resulting in remote code execution. The vulnerability is addressed in Trilium version 0.102.2.
Potential Impact
Successful exploitation allows an unauthenticated attacker to achieve remote code execution on the victim's machine running the vulnerable Trilium Notes desktop client. This is due to the combination of path traversal enabling access to malicious payload notes and the Electron renderer's nodeIntegration feature executing the payload. The impact is critical, potentially allowing full system compromise.
Mitigation Recommendations
This vulnerability is fixed in Trilium Notes version 0.102.2. Users should upgrade to version 0.102.2 or later to remediate this issue. No additional mitigation guidance is provided or required beyond applying the official fix.
CVE-2026-45668: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in TriliumNext Trilium
Description
CVE-2026-45668 is a critical path traversal and cross-site scripting (XSS) vulnerability in Trilium Notes versions prior to 0. 102. 2. A malicious ZIP archive imported with safe import enabled can exploit this flaw by using a specially crafted #docName label to perform directory traversal and access a payload note containing raw HTML/JavaScript. Because the desktop client uses Electron with nodeIntegration enabled, executing this payload results in remote code execution (RCE). This vulnerability has a CVSS 4. 0 score of 9. 3 and is fixed in version 0. 102. 2.
CVSS v4.0
Score 9.3critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Trilium Notes, a hierarchical note-taking application, suffers from a path traversal vulnerability (CWE-22) combined with cross-site scripting (CWE-79) in versions before 0.102.2. When importing a malicious ZIP archive with safe import enabled, an attacker can craft a #docName label that uses '../' path traversal to point to a payload note containing raw HTML/JavaScript code. The Electron desktop client runs with nodeIntegration enabled, allowing this payload to execute with elevated privileges, resulting in remote code execution. The vulnerability is addressed in Trilium version 0.102.2.
Potential Impact
Successful exploitation allows an unauthenticated attacker to achieve remote code execution on the victim's machine running the vulnerable Trilium Notes desktop client. This is due to the combination of path traversal enabling access to malicious payload notes and the Electron renderer's nodeIntegration feature executing the payload. The impact is critical, potentially allowing full system compromise.
Mitigation Recommendations
This vulnerability is fixed in Trilium Notes version 0.102.2. Users should upgrade to version 0.102.2 or later to remediate this issue. No additional mitigation guidance is provided or required beyond applying the official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T21:59:25.666Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a19cdf6e29bf47b50fb4799
Added to database: 5/29/2026, 5:33:42 PM
Last enriched: 5/29/2026, 5:49:19 PM
Last updated: 5/29/2026, 7:20:26 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.