CVE-2026-35593 | TriliumNext Trilium up to 0.102.1 upload-modified-file uploadModifiedFileToAttachment path traversal (GHSA-hf4x-22rg-pjjp)

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability identified as critical has been detected in TriliumNext Trilium up to 0.102.1. Impacted is the function uploadModifiedFileToAttachment of the file /api/attachments/{attachmentId}/upload-modified-file. This manipulation causes path traversal.

This vulnerability is registered as CVE-2026-35593. Remote exploitation of the attack is possible. No exploit is available.

You should upgrade the affected component.

CVE-2026-35593 | TriliumNext Trilium up to 0.102.1 upload-modified-file uploadModifiedFileToAttachment path traversal (GHSA-hf4x-22rg-pjjp)

Post correlati

CVE-2024-2028 | Exclusive Addons for Elementor Plugin up to 2.6.9 on WordPress Covid-19 Stats Widget cross site scripting

CVE-2024-49405 | Samsung Pass up to 4.3.00.17 improper authentication

CVE-2024-27906 | Apache Airflow up to 2.8.1 DAG Code exposure of resource

CVE-2024-31705 | GLPI 10.x Shell Commands Plugin os command injection