PatchSiren

TriliumNext CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM TriliumNext CVE published 2026-05-20

CVE-2026-39311

CVE-2026-39311 affects Trilium Notes versions 0.102.1 and earlier. The supplied sources describe a critical attack chain where an attacker can abuse an unsanitized SVG attachment, run script in the application origin because Content Security Policy is disabled, read a CSRF token from the page, and then call the backend script execution API to execute arbitrary Node.js code on the server. The issue is fixe [truncated]

HIGH TriliumNext CVE published 2026-05-20

CVE-2026-39310

CVE-2026-39310 is a high-severity authentication-bypass issue in Trilium Notes Desktop versions 0.102.1 and earlier. In an Electron environment, Trilium disables authentication middleware for the Clipper API, which can leave endpoints such as /api/clipper/notes reachable without a password, API token, or CSRF protection. The supplied advisory indicates that an attacker on the same network can discover exp [truncated]

MEDIUM TriliumNext CVE published 2026-05-20

CVE-2026-39309

CVE-2026-39309 affects Trilium Notes versions 0.102.1 and earlier. According to the supplied NVD record and GitHub references, the issue is a macOS TCC bypass through prompt spoofing in the Electron configuration: a local attacker can abuse the app’s RunAsNode fuse to launch a Node.js subprocess and trigger misleading permission prompts that appear to come from Trilium Notes. The result is a UI and trust [truncated]

MEDIUM TriliumNext CVE published 2026-05-20

CVE-2026-35593

CVE-2026-35593 is an authenticated local file inclusion issue in Trilium Notes 0.102.1 and earlier. The vulnerable attachment upload path can be pointed at another file on the server, causing the attachment content to be replaced with the contents of that file and later retrieved through the attachment download endpoint. Per the advisory and NVD record, this can expose sensitive local files such as SSH ke [truncated]