Description
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileToAttachment function, which is called when a POST request is received to /api/attachments/{attachmentId}/upload-modified-file, replaces the content of the attachment with the content from another file (whose path is provided in filePath of Request body). After which the content of the attachment can be viewed at /api/attachments/{attachmentId}/download. This exposes sensitive system files such as SSH keys, credentials, configs, and OS files, potentially leading to remote code execution and compromise of co-hosted applications. This issue has been fixed in version 0.102.2.
Published: 2026-05-19
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Local File Inclusion flaw in Trilium Notes allows an authenticated user to supply an arbitrary server-side file path in the filePath field of a POST to /api/attachments/{attachmentId}/upload-modified-file, which is handled by uploadModifiedFileToAttachment. The server replaces the attachment's content with the contents of that file, and the /api/attachments/{attachmentId}/download endpoint then serves it back. Any file readable by the account running Trilium is therefore exposed, including SSH keys, credentials, configuration files and operating system files. Because such files frequently contain secrets, the advisory notes that the flaw can lead to remote code execution on the host and compromise of co-hosted applications. The weakness is classified as CWE-22 (Path Traversal) and CWE-73 (External Control of File Name or Path).

Affected Systems

Trilium Notes versions 0.102.1 and earlier, distributed by TriliumNext, are affected. The flaw is in the uploadModifiedFileToAttachment function, invoked when a POST request reaches /api/attachments/{attachmentId}/upload-modified-file; the path it reads comes from the filePath field of the request body. The issue was addressed in release 0.102.2. On older versions any authenticated session can trigger it, so an instance whose login is reachable from untrusted networks, or whose credentials may already be in an attacker's hands, should be treated as exposed.
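The request sequence the advisory describes (a POST to upload-modified-file followed by a GET of the same attachment's download route) is what to look for in the logs of an instance that ran an affected version. The following is an added example, not Trilium's own code and not part of the advisory: it parses a few constructed combined-format access log lines, such as a reverse proxy in front of Trilium would write, and pairs each upload-modified-file call with a later download of the same attachment by the same client. The log format, client addresses and attachment IDs are assumptions made for illustration.

```javascript
// Added example (not Trilium's code): audit reverse-proxy access logs for the
// upload-modified-file -> download sequence described in the advisory.
// The log lines, client addresses and attachment IDs below are constructed.

const SAMPLE_LOG = [
  '10.0.0.5 - - [20/May/2026:10:00:01 +0000] "POST /api/attachments/abc123/upload-modified-file HTTP/1.1" 200 42',
  '10.0.0.5 - - [20/May/2026:10:00:03 +0000] "GET /api/attachments/abc123/download HTTP/1.1" 200 1803',
  '10.0.0.7 - - [20/May/2026:10:01:00 +0000] "GET /api/attachments/zzz999/download HTTP/1.1" 200 512',
  '10.0.0.9 - - [20/May/2026:10:02:00 +0000] "POST /api/attachments/def456/upload-modified-file HTTP/1.1" 200 42',
  'garbage line that does not parse',
].join('\n');

// Common/combined log format: client identd user [timestamp] "METHOD PATH PROTO" status bytes
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+/;
const UPLOAD_RE = /^\/api\/attachments\/([^/?]+)\/upload-modified-file$/;
const DOWNLOAD_RE = /^\/api\/attachments\/([^/?]+)\/download(?:\?.*)?$/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], ts: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Returns one record per successful upload-modified-file request. A record
// with downloadAt set shows the complete read-back sequence from the same
// client; on a deployment that never uses this feature, any record at all
// deserves a look.
function auditUploadModified(logText) {
  const records = [];
  const open = new Map(); // "ip|attachmentId" -> record still awaiting its download
  for (const line of logText.split('\n')) {
    const e = parseLine(line);
    if (!e || e.status >= 400) continue; // failed requests neither read nor served a file
    let m;
    if (e.method === 'POST' && (m = UPLOAD_RE.exec(e.path))) {
      const rec = { ip: e.ip, attachmentId: m[1], uploadAt: e.ts, downloadAt: null };
      records.push(rec);
      open.set(`${e.ip}|${m[1]}`, rec);
    } else if (e.method === 'GET' && (m = DOWNLOAD_RE.exec(e.path))) {
      const key = `${e.ip}|${m[1]}`;
      const rec = open.get(key);
      if (rec) {
        rec.downloadAt = e.ts;
        open.delete(key);
      }
    }
  }
  return records;
}

for (const r of auditUploadModified(SAMPLE_LOG)) {
  console.log(`${r.ip} modified attachment ${r.attachmentId} at ${r.uploadAt}` +
    (r.downloadAt ? ` and downloaded it at ${r.downloadAt}` : ' (no download seen)'));
}
```

The filePath value itself travels in the POST body, so an access log cannot show which file was read; only request-body logging at the proxy or application level would recover that. The pairing by client address is a heuristic: a client that changes address between the two requests, or that reads the attachment through the normal note UI, will show up as an upload without a download, which is why every upload record is reported rather than only the paired ones.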

Risk and Exploitability

The CVSS 3.1 base score is 6.8 (Medium), vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N: reachable over the network with low attack complexity and no user interaction, but requiring a privileged (authenticated) account. The rated impact is to confidentiality only, with a changed scope because the files read belong to the host rather than to the application. EPSS is below 1% and the CVE is not listed in the CISA KEV catalog, although the SSVC assessment recorded in the history below marks exploitation status as proof-of-concept. An attacker must first obtain valid credentials; once authenticated, the endpoint returns arbitrary files readable by the service account, and secrets recovered that way (SSH keys, database or API credentials) can become the stepping stone to code execution or movement to co-hosted applications. Because the attack passes through a legitimate, authenticated endpoint, it resembles ordinary attachment activity in access logs, and the risk remains significant for exposed instances.

Generated by OpenCVE AI on May 20, 2026 at 01:21 UTC.

Remediation

The vendor fix is release 0.102.2, as stated in the description above; no workaround is listed on this page.

OpenCVE Recommended Actions

  • Upgrade Trilium Notes to version 0.102.2 or later, which contains the vendor fix for this issue.
  • If an immediate upgrade is not possible, block the POST /api/attachments/{attachmentId}/upload-modified-file route at a reverse proxy for all users, or restrict it to a minimal set of trusted accounts, and review access logs for earlier use of the route.
  • Validate any file path supplied to the uploadModifiedFileToAttachment endpoint so that it resolves inside the application's attachment directory (reject absolute paths and any traversal outside it), and run the Trilium service under a dedicated low-privilege account so that a path-handling bug cannot expose host credentials or other applications' files.

Generated by OpenCVE AI on May 20, 2026 at 01:21 UTC.


Advisories

No advisories yet.

History

Wed, 20 May 2026 14:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 May 2026 01:45:00 +0000

Type: First Time appeared
Values Added: Triliumnext; Triliumnext trilium
Type: Vendors & Products
Values Added: Triliumnext; Triliumnext trilium

Wed, 20 May 2026 00:00:00 +0000

Type: Description
Values Added: Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileToAttachment function, which is called when a POST request is received to /api/attachments/{attachmentId}/upload-modified-file, replaces the content of the attachment with the content from another file (whose path is provided in filePath of Request body). After which the content of the attachment can be viewed at /api/attachments/{attachmentId}/download. This exposes sensitive system files such as SSH keys, credentials, configs, and OS files, potentially leading to remote code execution and compromise of co-hosted applications. This issue has been fixed in version 0.102.2.
Type: Title
Values Added: Trilium Notes has Local File Inclusion via upload modified file API endpoint
Type: Weaknesses
Values Added: CWE-22, CWE-73
Type: References
Values Added: (empty)
Type: Metrics
Values Added: cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-20T13:20:31.268Z

Reserved: 2026-04-03T21:25:12.161Z

Link: CVE-2026-35593

Vulnrichment

Updated: 2026-05-20T13:20:26.428Z

NVD

Status : Deferred

Published: 2026-05-20T00:16:37.433

Modified: 2026-05-20T14:16:50.653

Link: CVE-2026-35593

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T01:30:06Z

Weaknesses