PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35593 TriliumNext CVE debrief

CVE-2026-35593 is an authenticated local file inclusion (arbitrary file read) issue in Trilium Notes 0.102.1 and earlier. The attachment upload-modified-file endpoint accepts a server-side file path from the client, so an authenticated user can point it at any file the Trilium process can read; the attachment's content is replaced with that file and can then be retrieved through the attachment download endpoint. Per the advisory and NVD record, this can expose sensitive local files such as SSH keys, credentials, configuration files, and OS data, with possible downstream impact on the host and co-located services. The issue is fixed in Trilium Notes 0.102.2.

Vendor
TriliumNext
Product
Trilium
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-20
Original CVE updated
2026-05-20
Advisory published
2026-05-20
Advisory updated
2026-05-20

Who should care

Administrators and users running Trilium Notes server instances, especially deployments that grant accounts to people who are not fully trusted or that are reachable beyond a tightly controlled internal network. Security teams should pay attention if the host stores secrets, credentials, SSH keys, or other sensitive files readable by the account the Trilium process runs as, since that account's read permissions define the blast radius of the file read.

Technical summary

NVD scores the flaw CVSS 3.1 6.8 with vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N: network reachable, low attack complexity, no user interaction, but requiring a high-privilege (authenticated) account; scope is Changed because the read crosses from the application into the host filesystem, with high confidentiality impact and no integrity or availability impact. Weaknesses are mapped to CWE-22 (path traversal) and CWE-73 (external control of file name or path). The issue affects the uploadModifiedFileToAttachment flow behind POST requests to /api/attachments/{attachmentId}/upload-modified-file. The request body's filePath value is used directly as a server filesystem path to read from, the attachment's content is overwritten with that file's bytes, and the result can then be fetched from /api/attachments/{attachmentId}/download. The practical impact is arbitrary local file read by an authenticated attacker, bounded only by the permissions of the account the Trilium process runs as.

Defensive priority

High for any exposed or multi-user deployment; prioritize promptly even though the published CVSS is Medium. The Medium score reflects the PR:H precondition (an account on the instance is required), not a limited impact: a single successful request discloses arbitrary server-side files, including secrets.

Recommended defensive actions

  • Upgrade Trilium Notes to version 0.102.2 or later, as directed by the advisory and release notes, and confirm the running version afterwards.
  • Before patching, review which authenticated users could reach POST /api/attachments/{attachmentId}/upload-modified-file and whether any of them are not fully trusted.
  • Treat the server filesystem and the application runtime account as sensitive: run Trilium under a dedicated low-privilege account, and ensure secrets, SSH material, and configuration files outside its data directory are not readable by that account, since an arbitrary file read can only return what the process itself can open.
  • Check for unexpected access to attachment download URLs and, if request bodies are logged, look for filePath values that are absolute, contain .. segments, or name files outside the expected location, especially when followed shortly by a download of the same attachment.
  • If immediate upgrading is not possible, restrict network and authentication access to the application to the smallest practical set of trusted users and systems, for example by placing the instance behind a VPN or an authenticating reverse proxy.

Evidence notes

The CVE record and GitHub advisory indicate a file-inclusion/read issue in Trilium Notes fixed in v0.102.2. NVD’s modified record lists the vulnerability status as Deferred and records the CVSS vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N with CWE-22 and CWE-73. The description explicitly states that an authenticated attacker can read arbitrary files from the server filesystem through the attachment upload-modified-file and download endpoints.

Official resources

Publicly disclosed on 2026-05-20 in the NVD record, with remediation referenced in the TriliumNext/Trilium v0.102.2 release and GitHub Security Advisory GHSA-hf4x-22rg-pjjp.