Impact
This vulnerability arises when a malicious ZIP archive is imported into Trilium Notes with the safe import feature enabled. The attacker embeds two notes in the archive: a payload note of type code whose body is raw HTML and JavaScript, and a trigger note that references the payload through a #docName label whose value contains '..' path traversal segments. Because the label value is used to build a path, the traversal resolves the reference to the payload note's API endpoint on the victim's own instance, so the raw HTML and JavaScript are loaded by the client. In the desktop application the Electron renderer runs with nodeIntegration enabled, which gives the injected script access to Node.js APIs; the result is remote code execution on the victim's machine. The same mechanism also yields cross‑site scripting whenever the victim views the note, since the payload can inject arbitrary client‑side code into the application's origin.
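As an added example (not the advisory's text and not Trilium project code), the following scanner inspects a Trilium export archive for the two ingredients described above before anyone imports it: a path label such as #docName carrying traversal, and a note body carrying active HTML. It assumes the export layout (a !!!meta.json index whose "files" entries carry noteId, type, attributes and dataFileName, with child notes stored under the parent's dirFileName); those field names are assumptions about the export format, not facts from the advisory. It goes slightly beyond the advisory by also decoding percent-encoded traversal and by checking every note body, not only code notes. The sample archive is constructed inline.

```python
"""Pre-import scanner for a Trilium export ZIP.

Added example for this advisory; it is not Trilium code and not the
advisory's code. It assumes the export layout: a !!!meta.json index
whose "files" entries carry noteId, type, attributes and dataFileName,
with child notes stored under the parent's dirFileName. Those field
names are assumptions about the export format, not facts from the
advisory. The sample archive below is constructed for the demo.
"""
import io
import json
import posixpath
import re
import zipfile
from urllib.parse import unquote

# Labels whose values the importer is assumed to resolve as paths.
# The advisory names #docName; kept as data so others can be added.
PATH_LABELS = {"docName"}

# Markup that should never reach an Electron renderer with nodeIntegration:
# script tags, inline event handlers and javascript: URLs.
ACTIVE_CONTENT = re.compile(r"<script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def has_traversal(value: str) -> bool:
    """True if a label value could escape its directory when used as a path.

    Percent-encoding is decoded first so '%2e%2e%2f' counts like '../', and
    backslashes are treated as separators in case the archive was built on Windows.
    """
    decoded = unquote(value)
    if decoded.startswith(("/", "\\")):
        return True
    return ".." in re.split(r"[\\/]+", decoded)


def walk_notes(entries, prefix=""):
    """Yield (directory_prefix, entry) for every note in the nested index."""
    for entry in entries:
        yield prefix, entry
        if entry.get("children") and entry.get("dirFileName"):
            yield from walk_notes(entry["children"],
                                  posixpath.join(prefix, entry["dirFileName"]))


def scan_export(zip_bytes: bytes) -> list:
    """Return findings for traversal in path labels and for active HTML in note bodies."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        meta = json.loads(zf.read("!!!meta.json"))
        for prefix, note in walk_notes(meta.get("files", [])):
            note_id = note.get("noteId", "?")
            for attr in note.get("attributes", []):
                if (attr.get("type") == "label" and attr.get("name") in PATH_LABELS
                        and has_traversal(str(attr.get("value", "")))):
                    findings.append({"noteId": note_id, "kind": "label-path-traversal",
                                     "detail": f"#{attr['name']}={attr['value']}"})
            data_file = note.get("dataFileName")
            if not data_file:
                continue
            path = posixpath.join(prefix, data_file)
            if path not in names:
                continue  # dangling index entry; nothing to inspect
            body = zf.read(path).decode("utf-8", "replace")
            match = ACTIVE_CONTENT.search(body)
            if match:
                findings.append({"noteId": note_id, "kind": "active-html",
                                 "detail": f"type={note.get('type')} match={match.group(0)}"})
    return findings


def build_sample_export() -> bytes:
    """Constructed fixture shaped like the archive the advisory describes."""
    meta = {"formatVersion": 2, "files": [
        {"noteId": "payload01", "title": "payload", "type": "code", "mime": "text/html",
         "attributes": [], "dataFileName": "payload.html", "children": []},
        {"noteId": "trigger01", "title": "trigger", "type": "text", "mime": "text/html",
         "attributes": [{"type": "label", "name": "docName", "value": "../../payload"}],
         "dataFileName": "trigger.html", "children": []},
        {"noteId": "benign01", "title": "benign", "type": "text", "mime": "text/html",
         "attributes": [{"type": "label", "name": "docName", "value": "docs/readme"}],
         "dataFileName": "benign.html", "children": []},
    ]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("!!!meta.json", json.dumps(meta))
        zf.writestr("payload.html", "<script>void 0</script>")  # inert stand-in for a payload
        zf.writestr("trigger.html", "<p>nothing to see</p>")
        zf.writestr("benign.html", "<p>release notes</p>")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_export(build_sample_export()):
        print(finding)
```

Run it against a real export before importing; any finding is grounds to inspect the archive by hand. A clean result does not prove the archive safe, since only the two ingredients named in the advisory are checked.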
Affected Systems
The affected product is Trilium Notes (vendor and product identifier TriliumNext:Trilium). Versions earlier than 0.102.2 are vulnerable; 0.102.2 is the fixed release. No specific sub‑product or operating system is named, so every build of the application before that release should be treated as affected. The remote code execution path depends on the desktop Electron client, whose renderer has nodeIntegration enabled; a server deployment reached through a web browser is still exposed to the cross‑site scripting side of the issue. Users who run Trilium from source or from binaries older than 0.102.2 should update to 0.102.2 or later.
Risk and Exploitability
The CVSS score of 9.3 places the issue at critical severity. No EPSS score is available, so the current probability of exploitation in the wild is unknown; the attack path, however, requires nothing more than persuading a user to import a crafted ZIP file. The vulnerability is not listed in the CISA KEV catalog, but it remains high risk because the route from import to code execution is straightforward once the archive is accepted. Operators of Trilium should update to 0.102.2 or later without delay. Where that is not immediately possible, import only archives from trusted sources, treat the safe import feature as insufficient protection against this attack, and monitor for unexpected import activity.
OpenCVE Enrichment