PatchSiren cyber security CVE debrief

CVE-2026-39311 TriliumNext CVE debrief

CVE-2026-39311 affects Trilium Notes versions 0.102.1 and earlier. The supplied sources describe a critical attack chain where an attacker can abuse an unsanitized SVG attachment, run script in the application origin because Content Security Policy is disabled, read a CSRF token from the page, and then call the backend script execution API to execute arbitrary Node.js code on the server. The issue is fixed in version 0.102.2. NVD currently lists the vulnerability as CVSS 3.1 6.8 Medium, with network attack vector but requiring user interaction and elevated privileges in the scoring model.

Vendor: TriliumNext
Product: Trilium
CVSS: 6.8 (Medium)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-21
Advisory published: 2026-05-20
Advisory updated: 2026-05-21

Who should care

Administrators and operators of Trilium Notes instances, especially any deployment that lets users open or share SVG attachments, should treat this as urgent. Security teams should also care if the application is exposed to non-trusted users or used to store shared content.

Technical summary

According to the supplied description, Trilium serves SVG attachments as image/svg+xml without sanitization and has CSP disabled. A malicious SVG can therefore execute in the browser under the application origin. From that origin, the attacker can fetch the page, extract the csrfToken from the document body, and submit a signed request to /api/script/exec. Because that API can execute Node.js code on the server, the result is server compromise when a user views the malicious SVG.

Defensive priority

High

Recommended defensive actions

  • Upgrade Trilium Notes to version 0.102.2 or later.
  • Review whether SVG attachments are accepted, shared, or rendered in your deployment and restrict them where possible.
  • Confirm that access to the application is limited to trusted users until patching is complete.
  • Audit any exposure of the /api/script/exec endpoint and restrict it to the minimum necessary use.
  • Check logs and server state for suspicious SVG attachment access or unexpected script execution activity.
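One way to act on the last item, as an added example that is not part of the PatchSiren debrief or the Trilium project: correlate, per client, a fetch of an SVG resource with a later POST to /api/script/exec. It assumes combined-format access logs from a reverse proxy in front of Trilium (Trilium's own log format may differ) and uses constructed sample lines; the attachment path and IPs are invented.

```python
import re
from datetime import datetime, timedelta

# Assumed: Apache/nginx combined log format emitted by a reverse proxy in front
# of Trilium. Fields captured: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
SCRIPT_EXEC = "/api/script/exec"  # endpoint named in the advisory


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_suspicious_clients(lines, window=timedelta(minutes=10)):
    """Return (ip, svg_path, exec_time) for every POST to /api/script/exec that
    follows an SVG fetch by the same client within `window` (log order assumed
    chronological). The '.svg' path suffix is a heuristic, not Trilium's URL scheme."""
    last_svg = {}  # ip -> (timestamp, path) of that client's most recent SVG fetch
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path.lower().endswith(".svg"):
            last_svg[rec["ip"]] = (rec["ts"], path)
        elif path == SCRIPT_EXEC and rec["method"] == "POST":
            prior = last_svg.get(rec["ip"])
            if prior and rec["ts"] - prior[0] <= window:
                hits.append((rec["ip"], prior[1], rec["ts"]))
    return hits


# Constructed sample log: one client fetches an SVG and hits the exec API three
# seconds later; a second client's SVG fetch is 90 minutes before its exec call;
# a third calls the API with no SVG fetch at all; one line is unparseable noise.
SAMPLE_LOG = [
    '192.0.2.5 - - [21/May/2026:09:00:00 +0000] "GET /attachments/EXAMPLE-ID-2/chart.svg HTTP/1.1" 200 3101',
    '203.0.113.7 - - [21/May/2026:10:00:01 +0000] "GET /attachments/EXAMPLE-ID-1/diagram.svg HTTP/1.1" 200 4821',
    '203.0.113.7 - - [21/May/2026:10:00:03 +0000] "GET / HTTP/1.1" 200 18822',
    '203.0.113.7 - - [21/May/2026:10:00:04 +0000] "POST /api/script/exec HTTP/1.1" 200 112',
    'not a log line',
    '192.0.2.5 - - [21/May/2026:10:30:00 +0000] "POST /api/script/exec HTTP/1.1" 200 96',
    '198.51.100.9 - - [21/May/2026:10:45:00 +0000] "POST /api/script/exec HTTP/1.1" 200 96',
]
```

Any POST to /api/script/exec that is not expected automation deserves review on its own; the correlation only ranks which ones to look at first.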

Evidence notes

This debrief is based only on the supplied CVE record, NVD metadata, and the referenced GitHub release/advisory links. The corpus explicitly states the affected versions, the unsanitized SVG plus disabled CSP attack path, the CSRF token extraction step, the /api/script/exec endpoint abuse, and the fix in 0.102.2. NVD metadata also supplies the CVSS vector and weakness classifications (CWE-79 and CWE-94).

Official resources

CVE published at 2026-05-20T20:16:39.363Z.