Description
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment. When Trilium detects an Electron environment, it explicitly disables authentication middleware for the Clipper API, exposing endpoints such as /api/clipper/notes to the network with no password, API token, or CSRF protection. An attacker on a shared network (for example, a corporate LAN or public Wi-Fi) can scan for open high-range ports using a tool like nmap, since Trilium often binds to ports such as 37840. Once a candidate port is found, an unauthenticated request to the Clipper handshake endpoint, which also bypasses authentication, confirms a Trilium instance by returning the application name and protocol version. This facilitates unauthorized data access, phishing, and local system compromise. The issue has been fixed in version 0.102.2.
Published: 2026-05-20
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Trilium Notes, a hierarchical note-taking application, disables authentication for its Clipper API when it detects an Electron environment. This flaw allows unauthenticated users to call endpoints such as /api/clipper/notes without a password, API token, or CSRF protection, exposing the full set of notes and related data. Consequently an attacker can read, modify, or delete data, launch phishing attacks, or potentially compromise the local system. The weakness is an intentional removal of authentication middleware for a specific technical context, corresponding to CWE‑284 (Improper Authorization) and CWE‑306 (Missing Authentication)

Affected Systems

The vulnerability exists in Trilium Notes desktop builds up to and including version 0.102.1, specifically in the Electron-based Clipper API used in v0.101.3. The fix was backported in version 0.102.2. The affected vendor is TriliumNext.

Risk and Exploitability

The CVSS score of 8.6 reflects a high severity authentication bypass. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, so the exact exploitation probability is unknown. The attack vector is likely local network based; an attacker can scan shared networks for the high-range ports Trilium binds to (often around 37840), query the handshake endpoint to verify a Trilium instance, and then access data without credentials. The combination of local network access and the lack of authentication makes this a significant exploitation risk for users on shared or public networks.

Generated by OpenCVE AI on May 20, 2026 at 20:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Trilium to version 0.102.2 or later to restore authentication for the Clipper API.
  • Configure a firewall or host‑based rule to block inbound traffic on Trilium’s internal port range (e.g., 37840–37999) so that only trusted hosts can reach the service.
  • Monitor local network traffic for unexpected Trilium endpoints and remove or isolate any installations that remain exposed after the update.

Generated by OpenCVE AI on May 20, 2026 at 20:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Triliumnext
Triliumnext trilium
Vendors & Products Triliumnext
Triliumnext trilium

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment. When Trilium detects an Electron environment, it explicitly disables authentication middleware for the Clipper API, exposing endpoints such as /api/clipper/notes to the network with no password, API token, or CSRF protection. An attacker on a shared network (for example, a corporate LAN or public Wi-Fi) can scan for open high-range ports using a tool like nmap, since Trilium often binds to ports such as 37840. Once a candidate port is found, an unauthenticated request to the Clipper handshake endpoint, which also bypasses authentication, confirms a Trilium instance by returning the application name and protocol version. This facilitates unauthorized data access, phishing, and local system compromise. The issue has been fixed in version 0.102.2.
Title Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds
Weaknesses CWE-284
CWE-306
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

Triliumnext Trilium
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-20T19:05:41.692Z

Reserved: 2026-04-06T19:31:07.265Z

Link: CVE-2026-39310

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-20T20:16:39.213

Modified: 2026-05-20T20:16:39.213

Link: CVE-2026-39310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T20:45:03Z

Weaknesses