TCC Bypass Vulnerability in Trilium Notes by Trilium Next
CVE-2026-39309

5.5 MEDIUM

Key Information:

Vendor: Trilium Next
CVE Published: 19 May 2026

What is CVE-2026-39309?

Trilium Notes, a hierarchical note-taking application built on Electron, ships versions up to and including 0.102.1 with an Electron configuration that leaves the RunAsNode fuse enabled. A binary built this way honours the ELECTRON_RUN_AS_NODE=1 environment variable and starts as a plain Node.js runtime instead of launching the app, so a local attacker who can execute the Trilium binary can run arbitrary code in a process that carries Trilium's code-signing identity. On macOS, Transparency, Consent, and Control (TCC) grants permissions per application (keyed on bundle identifier and code-signing requirement), so the injected code inherits whatever the user has already granted to Trilium Notes (camera, microphone, access to TCC-protected folders such as Desktop, Documents and Downloads), and any new permission prompt it triggers is displayed as a request from Trilium Notes (prompt spoofing). The user sees a plausible prompt from a trusted app while the attacker's code runs in the background, and TCC-protected files and hardware can be accessed without the user realising that something other than Trilium is behind the request. The vulnerability is fixed in version 0.102.2; the standard remediation for this class of issue is to disable the RunAsNode fuse at packaging time (and, for defence in depth, the related EnableNodeOptionsEnvironmentVariable and EnableNodeCliInspectArguments fuses), after which the binary ignores ELECTRON_RUN_AS_NODE.
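As an added example (not Trilium's or Electron's own code), the Node.js script below parses the fuse wire that the @electron/fuses package writes into an Electron binary and reports whether RunAsNode is enabled, which is the precondition for the ELECTRON_RUN_AS_NODE abuse described above. The byte layout (ASCII sentinel, one schema-version byte, one length byte, then one byte per fuse with '0' disabled, '1' enabled, 'r' removed) and the schema-v1 fuse order follow @electron/fuses; the two sample "binaries" are constructed inline and are not real Electron builds, and the Trilium framework path in the usage comment is an assumption about where the Electron Framework binary lives inside the app bundle.

```javascript
// Added example (not Trilium's or Electron's code): read the Electron fuse wire
// from a binary and decide whether RunAsNode is enabled.
// Layout written by @electron/fuses (schema v1):
//   sentinel "dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX" | version byte 0x01 | length byte | fuse bytes
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'ascii');

// Fuse order for schema version 1 (FuseV1Options in @electron/fuses).
const FUSE_V1_NAMES = [
  'RunAsNode',
  'EnableCookieEncryption',
  'EnableNodeOptionsEnvironmentVariable',
  'EnableNodeCliInspectArguments',
  'EnableEmbeddedAsarIntegrityValidation',
  'OnlyLoadAppFromAsar',
  'LoadBrowserProcessSpecificV8Snapshot',
  'GrantFileProtocolExtraPrivileges',
];

// Wire byte -> human-readable state ('0', '1', 'r').
const STATE = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed' };

// Returns { version, fuses: { name: state } }; throws if no fuse wire is present.
function parseFuseWire(binary) {
  const idx = binary.indexOf(SENTINEL);
  if (idx < 0) throw new Error('no Electron fuse sentinel found in binary');
  const off = idx + SENTINEL.length;
  const version = binary[off];
  if (version !== 1) throw new Error(`unsupported fuse schema version ${version}`);
  const len = binary[off + 1];
  const wire = binary.subarray(off + 2, off + 2 + len);
  const fuses = {};
  for (let i = 0; i < wire.length; i++) {
    const name = FUSE_V1_NAMES[i] || `Unknown${i}`;
    fuses[name] = STATE[wire[i]] || `unknown(0x${wire[i].toString(16)})`;
  }
  return { version, fuses };
}

// True when the binary honours ELECTRON_RUN_AS_NODE=1, i.e. arbitrary code can
// run under the app's signed identity (the condition behind the TCC abuse).
function runAsNodeEnabled(binary) {
  return parseFuseWire(binary).fuses.RunAsNode === 'enabled';
}

// Constructed sample binaries (not real Electron builds): junk bytes around a
// v1 fuse wire with eight fuses. Only the RunAsNode byte differs.
function sampleBinary(runAsNodeByte) {
  const wire = Buffer.from(runAsNodeByte + '1000000', 'ascii');
  return Buffer.concat([
    Buffer.from('\x00\x01junk before the wire\xff', 'latin1'),
    SENTINEL,
    Buffer.from([0x01, wire.length]),
    wire,
    Buffer.from('trailing junk\x00', 'latin1'),
  ]);
}

const VULNERABLE_SAMPLE = sampleBinary('1'); // RunAsNode enabled
const HARDENED_SAMPLE = sampleBinary('0');   // RunAsNode disabled

// CLI: node fuses.js "<path to Electron Framework binary>"; without an argument
// the constructed vulnerable sample is inspected. The Trilium path below is an
// assumed location inside the app bundle.
// node fuses.js "/Applications/Trilium Notes.app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
if (typeof require !== 'undefined' && require.main === module) {
  const target = process.argv[2];
  const bin = target ? require('fs').readFileSync(target) : VULNERABLE_SAMPLE;
  console.log(JSON.stringify(parseFuseWire(bin), null, 2));
  console.log(runAsNodeEnabled(bin)
    ? 'RunAsNode ENABLED: ELECTRON_RUN_AS_NODE=1 yields code execution under the app identity'
    : 'RunAsNode disabled');
}
```

On macOS the fuse wire sits in the Electron Framework binary inside the bundle, not in the thin launcher under Contents/MacOS; `npx @electron/fuses read --app <app path>` performs the same read. The hardened configuration is produced at packaging time with @electron/fuses, e.g. `flipFuses(appPath, { version: FuseVersion.V1, [FuseV1Options.RunAsNode]: false })`; a binary whose RunAsNode byte reads '0' ignores ELECTRON_RUN_AS_NODE entirely.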

Affected Version(s)

Trilium < 0.102.2

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 19 May 2026