CVE-2026-35593— Trilium Notes 路径遍历漏洞

Trilium Notes has Local File Inclusion via upload modified file API endpoint

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileToAttachment function, which is called when a POST request is received to /api/attachments/{attachmentId}/upload-modified-file, replaces the content of the attachment with the content from another file (whose path is provided in filePath of Request body). After which the content of the attachment can be viewed at /api/attachments/{attachmentId}/download. This exposes sensitive system files such as SSH keys, credentials, configs, and OS files, potentially leading to remote code execution and compromise of co-hosted applications. This issue has been fixed in version 0.102.2.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Trilium Notes 路径遍历漏洞

Trilium Notes是Zadam个人开发者的一个分层笔记应用程序。专注于构建大型个人知识库。 Trilium Notes 0.102.1及之前版本存在路径遍历漏洞，该漏洞源于本地文件，可能导致已认证攻击者从服务器文件系统读取敏感任意文件。uploadModifiedFileToAttachment函数在处理POST请求到/api/attachments/{attachmentId}/upload-modified-file时，将附件内容替换为请求体filePath中指定文件的内容，随后可通过/api

N/A

N/A