Trilium Notes Remote Code Execution Vulnerability via Unsanitized SVG Attachments

Vulnerability

A remote code execution vulnerability has been identified in Trilium Notes versions through 0.102.1. The issue arises from the application serving user-uploaded SVG files without sanitization, combined with a disabled Content Security Policy and a publicly accessible backend execution API. As a result, an unauthenticated attacker can execute arbitrary Node.js code on the server. Because the SVG is served from the application's own origin, script embedded in it runs under the Same-Origin Policy with access to the victim's document, where it can hijack the CSRF token and use it to send a signed request that executes malicious code.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution on the server, with the potential to gain a full reverse shell, exfiltrate the entire document database containing private notes, or perform lateral movement within the server's network.

Reproduction

To reproduce this vulnerability, upload a crafted SVG file containing a script payload into a Trilium note. Double-clicking the image opens the SVG and triggers its script. The malicious SVG fetches the CSRF token from the document, then uses it to send a request to the /api/script/exec endpoint, executing arbitrary Node.js code on the server.

Remediation

Users are advised to update to Trilium Notes version 0.102.2 or later, where this vulnerability has been fixed.
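The root cause described above is active content inside an SVG served from the application's own origin with no CSP. The following is an added example (not Trilium's code or the fix shipped in 0.102.2) of the two server-side controls a defender would want: a pre-check that flags SVG uploads carrying active content, and the response headers to use if untrusted SVG must be served at all. The pattern list and sample SVGs are constructed for illustration; a production deployment should pair this with a full SVG sanitizer rather than rely on patterns alone.

```javascript
// Added example (not Trilium's code): pre-check for user-uploaded SVG and
// hardened headers for serving untrusted SVG. Pattern-based and deliberately
// conservative; use alongside a real SVG sanitizer, not instead of one.

// Markers of active content in SVG: script elements, event-handler attributes,
// javascript: URLs, foreignObject (embeds arbitrary HTML) and HTML data: URLs.
const ACTIVE_CONTENT_PATTERNS = [
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'event handler attribute', re: /\son[a-z]+\s*=/i },
  { name: 'javascript: URL', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
  { name: 'foreignObject element', re: /<\s*foreignObject\b/i },
  { name: 'HTML data: URL', re: /href\s*=\s*["']?\s*data:text\/html/i },
];

// Returns the names of all active-content markers found in the SVG text.
// An empty array means the upload passed this pre-check.
function findActiveSvgContent(svgText) {
  return ACTIVE_CONTENT_PATTERNS
    .filter(({ re }) => re.test(svgText))
    .map(({ name }) => name);
}

// Headers for serving an untrusted SVG when rejecting it is not an option:
// force download instead of inline rendering, pin the MIME type, and apply a
// CSP that blocks all script and puts the document in a sandboxed (opaque)
// origin, so even if it is opened it cannot read the application's DOM or
// any session-bound token such as the CSRF token.
function untrustedSvgResponseHeaders() {
  return {
    'Content-Type': 'image/svg+xml',
    'Content-Disposition': 'attachment',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; style-src 'unsafe-inline'; sandbox",
  };
}

// Constructed samples (not taken from the advisory): a benign icon and an SVG
// carrying inert markers of the kinds an upload check must reject.
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>';
const ACTIVE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="/* inert */"><script>/* inert */</script></svg>';

console.log('benign:', findActiveSvgContent(BENIGN_SVG)); // []
console.log('active:', findActiveSvgContent(ACTIVE_SVG)); // ['script element', 'event handler attribute']
```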

Added: May 20, 2026, 8:47 PM
Updated: May 20, 2026, 8:47 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          7.9
exploitability  5.2
remediation     7.7
relevance       8.9
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.