Medium severity 5.5 · NVD Advisory · Published May 20, 2026 · Updated May 20, 2026

CVE-2026-39309

Description

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the identity of the trusted app. The root cause is that the RunAsNode fuse allows launching the app in a special Node.js mode using -e to execute arbitrary system commands with Trilium Notes's permissions and identity. An attacker can leverage this through a subprocess to request any sensitive permissions, such as access to hardware (camera, microphone) and TCC-protected files, causing the TCC system prompt to appear as if the request came from Trilium rather than the attacker's code, because macOS treats the subprocess as part of the parent application. Exploitation allows access to TCC-protected resources like the screen, camera, microphone, and folders such as ~/Documents and ~/Downloads, undermining macOS's security model and UI integrity through social engineering. This issue has been fixed in version 0.102.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Trilium Notes <= 0.102.1 has a TCC bypass via RunAsNode fuse, letting local attackers spoof macOS permission prompts as the trusted app to access protected resources.

Vulnerability

Trilium Notes versions 0.102.1 and prior on macOS are vulnerable to a TCC bypass via prompt spoofing due to an insecure Electron configuration. The RunAsNode fuse is enabled, allowing the application to be launched in Node.js mode with the -e flag, which can execute arbitrary system commands under the identity of the trusted Trilium Notes app [1]. An attacker with local access can abuse this to spawn subprocesses that request sensitive macOS permissions (e.g., camera, microphone, screen recording, documents folder) through the TCC (Transparency, Consent, and Control) system. Because macOS treats the subprocess as part of the parent application, the TCC prompt appears to come from Trilium Notes rather than the attacker's code, misleading the user into granting access [1].

Exploitation

The attacker must have local access to a macOS system where Trilium Notes is installed. Exploitation can be automated using the electroniz3r tool, which injects code into the Trilium Notes app bundle to trigger a TCC prompt. For example, running electroniz3r inject /Applications/Trilium Notes.app --predefined-script screenshot causes the app to open a debug WebSocket server and execute a payload that requests screen recording access [1]. The user then sees a TCC prompt stating "Trilium Notes would like to record this computer's screen and audio", which is a prompt spoof that tricks the victim into granting permission [1]. No authentication is needed beyond local system access; the attacker can be any user on the machine.

Impact

Successful exploitation allows an attacker to gain unauthorized access to TCC-protected resources on macOS, including the screen, camera, microphone, and sensitive user folders such as ~/Documents and ~/Downloads [1]. This undermines macOS's security model, which relies on TCC prompts to inform users of which application is requesting permission. The attacker inherits the full entitlements of the Trilium Notes app, enabling disclosure of private data and potential observation of user activity through screen or audio capture [1]. The breach impacts confidentiality and UI integrity, as the prompt spoofing is a form of social engineering.

Mitigation

The vulnerability is fixed in Trilium Notes version 0.102.2, released on or around the publication date of 2026-05-20 [2]. The fix includes adding Electron fuses to harden the desktop application against external abuse [2]. Users are strongly advised to update immediately. No workaround is available; the only mitigation is to upgrade to the patched version. No EOL or KEV listing is currently associated with this CVE.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

13b1e0afbbd9

fix(desktop): make failing due to wrong version of fuses

https://github.com/triliumnext/trilium · Elian Doran · Apr 5, 2026 · Fixed in 0.102.2 · via llm-release-walk
2 files changed · +12 −23
  • apps/desktop/package.json · +1 −1 · modified
    @@ -40,7 +40,7 @@
         "@electron-forge/maker-zip": "7.11.1",
         "@electron-forge/plugin-auto-unpack-natives": "7.11.1",
         "@electron-forge/plugin-fuses": "7.11.1",
    -    "@electron/fuses": "1.0.0",
    +    "@electron/fuses": "1.8.0",
         "@triliumnext/commons": "workspace:*",
         "@triliumnext/server": "workspace:*",
         "@types/electron-squirrel-startup": "1.0.2",
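
Review bot: The commit message ("make failing due to wrong version of fuses") does not say what failed or why 1.8.0 is the right pin for the `"@electron/fuses"` line changed here. The removed line shows 1.0.0, while the commit that introduced the fuses plugin pins 2.1.1, so at least one intermediate version change is not explained. Recording the `make` error and the constraint that selected 1.8.0 (the plugin's lockfile entry declares a peer range of `^1.0.0`) in the message would let a later upgrade be checked against it.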
    
  • pnpm-lock.yaml · +11 −22 · modified
    @@ -447,10 +447,10 @@ importers:
             version: 7.11.1
           '@electron-forge/plugin-fuses':
             specifier: 7.11.1
    -        version: 7.11.1(@electron/fuses@1.0.0)
    +        version: 7.11.1(@electron/fuses@1.8.0)
           '@electron/fuses':
    -        specifier: 1.0.0
    -        version: 1.0.0
    +        specifier: 1.8.0
    +        version: 1.8.0
           '@triliumnext/commons':
             specifier: workspace:*
             version: link:../../packages/commons
    @@ -2394,8 +2394,9 @@ packages:
         engines: {node: '>=10.12.0'}
         hasBin: true
     
    -  '@electron/fuses@1.0.0':
    -    resolution: {integrity: sha512-VjWIlZHEB7a93tXl+6tX2YzN+s1/mS0RM8WX4GZlMOqAzlmRfTMP6pp0MM0LtkzWZB+KQOv+zJt5Dlgdik+DUQ==}
    +  '@electron/fuses@1.8.0':
    +    resolution: {integrity: sha512-zx0EIq78WlY/lBb1uXlziZmDZI4ubcCXIMJ4uGjXzZW0nS19TjSPeXPAjzzTmKQlJUZm0SbmZhPKP7tuQ1SsEw==}
    +    hasBin: true
     
       '@electron/get@2.0.3':
         resolution: {integrity: sha512-Qkzpg2s9GnVV2I2BjRksUi43U5e6+zaQMcjoJy0C+C5oxaKl+fmckGDQFtRpZpZV0NQekuZZ+tGz7EA9TVnQtQ==}
    @@ -16658,8 +16659,6 @@ snapshots:
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-icons@47.4.0': {}
     
    @@ -16702,8 +16701,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-inspector@5.0.0': {}
     
    @@ -16713,8 +16710,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-line-height@47.4.0':
         dependencies:
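
Review bot: The removal of `transitivePeerDependencies: - supports-color` in this hunk touches a CKEditor snapshot that has nothing to do with the fuses version bump, and the same two lines are dropped from several other CKEditor entries in this file. Confirm this is what a clean `pnpm install` produces from the updated package.json, or move the lockfile regeneration into its own commit so the security-relevant change stays easy to audit.
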
    @@ -16739,8 +16734,6 @@ snapshots:
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-list-multi-level@47.4.0':
         dependencies:
    @@ -16764,8 +16757,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-markdown-gfm@47.4.0':
         dependencies:
    @@ -16803,8 +16794,6 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-mention@47.4.0(patch_hash=5981fb59ba35829e4dff1d39cf771000f8a8fdfa7a34b51d8af9549541f2d62d)':
         dependencies:
    @@ -17618,11 +17607,11 @@ snapshots:
           - bluebird
           - supports-color
     
    -  '@electron-forge/plugin-fuses@7.11.1(@electron/fuses@1.0.0)':
    +  '@electron-forge/plugin-fuses@7.11.1(@electron/fuses@1.8.0)':
         dependencies:
           '@electron-forge/plugin-base': 7.11.1
           '@electron-forge/shared-types': 7.11.1
    -      '@electron/fuses': 1.0.0
    +      '@electron/fuses': 1.8.0
         transitivePeerDependencies:
           - bluebird
           - supports-color
    @@ -17709,9 +17698,11 @@ snapshots:
           glob: 7.2.3
           minimatch: 3.1.2
     
    -  '@electron/fuses@1.0.0':
    +  '@electron/fuses@1.8.0':
         dependencies:
    +      chalk: 4.1.2
           fs-extra: 9.1.0
    +      minimist: 1.2.8
     
       '@electron/get@2.0.3':
         dependencies:
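
Review bot: The `'@electron/fuses@1.8.0'` snapshot gains `chalk: 4.1.2` and `minimist: 1.2.8`, so the version bump adds two transitive packages to the build toolchain. Confirm that `@electron/fuses` remains a build-time dependency only and that neither package ends up inside the shipped app bundle.
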
    @@ -23164,8 +23155,6 @@ snapshots:
       ckeditor5-collaboration@47.4.0:
         dependencies:
           '@ckeditor/ckeditor5-collaboration-core': 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       ckeditor5-premium-features@47.4.0(bufferutil@4.0.9)(ckeditor5@47.4.0)(utf-8-validate@6.0.5):
         dependencies:
    
176de87b6b45

feat(desktop): add Electron fuses

https://github.com/triliumnext/trilium · Elian Doran · Apr 5, 2026 · Fixed in 0.102.2 · via llm-release-walk
3 files changed · +63 −33
  • apps/desktop/electron-forge/forge.config.ts · +12 −0 · modified
    @@ -1,4 +1,5 @@
     import type { ForgeConfig } from "@electron-forge/shared-types";
    +import { FuseV1Options, FuseVersion } from "@electron/fuses";
     import { LOCALES } from "@triliumnext/commons";
     import { existsSync } from "fs";
     import fs from "fs-extra";
    @@ -166,6 +167,17 @@ const config: ForgeConfig = {
             {
                 name: "@electron-forge/plugin-auto-unpack-natives",
                 config: {}
    +        },
    +        {
    +            name: "@electron-forge/plugin-fuses",
    +            config: {
    +                version: FuseVersion.V1,
    +                [FuseV1Options.RunAsNode]: false,
    +                [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
    +                [FuseV1Options.EnableNodeCliInspectArguments]: false,
    +                [FuseV1Options.EnableCookieEncryption]: true,
    +                [FuseV1Options.OnlyLoadAppFromAsar]: true
    +            }
             }
         ],
         hooks: {
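
Review bot: `[FuseV1Options.OnlyLoadAppFromAsar]: true` is set without `EnableEmbeddedAsarIntegrityValidation`, so the app is forced to load from `app.asar` but the contents of that archive are not verified at load time. Electron documents the two fuses as a pair; consider enabling the integrity fuse as well, or add a comment saying why it is left off. A one-line comment per fuse (`RunAsNode` being the one tied to the TCC prompt issue) would also help whoever next needs to relax one of them.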
    
  • apps/desktop/package.json · +9 −7 · modified
    @@ -27,15 +27,10 @@
         "electron-debug": "4.1.0",
         "electron-dl": "4.0.0",
         "electron-squirrel-startup": "1.0.1",
    -    "jquery.fancytree": "2.38.5",
    -    "jquery-hotkeys": "0.2.2"
    +    "jquery-hotkeys": "0.2.2",
    +    "jquery.fancytree": "2.38.5"
       },
       "devDependencies": {
    -    "@types/electron-squirrel-startup": "1.0.2",
    -    "@triliumnext/commons": "workspace:*",
    -    "@triliumnext/server": "workspace:*",
    -    "copy-webpack-plugin": "13.0.1",
    -    "electron": "40.6.1",
         "@electron-forge/cli": "7.11.1",
         "@electron-forge/maker-deb": "7.11.1",
         "@electron-forge/maker-dmg": "7.11.1",
    @@ -44,6 +39,13 @@
         "@electron-forge/maker-squirrel": "7.11.1",
         "@electron-forge/maker-zip": "7.11.1",
         "@electron-forge/plugin-auto-unpack-natives": "7.11.1",
    +    "@electron-forge/plugin-fuses": "7.11.1",
    +    "@electron/fuses": "2.1.1",
    +    "@triliumnext/commons": "workspace:*",
    +    "@triliumnext/server": "workspace:*",
    +    "@types/electron-squirrel-startup": "1.0.2",
    +    "copy-webpack-plugin": "13.0.1",
    +    "electron": "40.6.1",
         "prebuild-install": "7.1.3"
       }
     }
    \ No newline at end of file
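
Review bot: `"@electron/fuses": "2.1.1"` is outside the peer range that `@electron-forge/plugin-fuses` 7.11.1 declares in this commit's lockfile (`'@electron/fuses': ^1.0.0`), so the plugin runs against a major version it does not claim to support. Pin a 1.x release here, or state in the commit message that the peer mismatch is intentional and that `make` was tested with it.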
    
  • pnpm-lock.yaml · +42 −26 · modified
    @@ -445,6 +445,12 @@ importers:
           '@electron-forge/plugin-auto-unpack-natives':
             specifier: 7.11.1
             version: 7.11.1
    +      '@electron-forge/plugin-fuses':
    +        specifier: 7.11.1
    +        version: 7.11.1(@electron/fuses@2.1.1)
    +      '@electron/fuses':
    +        specifier: 2.1.1
    +        version: 2.1.1
           '@triliumnext/commons':
             specifier: workspace:*
             version: link:../../packages/commons
    @@ -2345,6 +2351,12 @@ packages:
         resolution: {integrity: sha512-lKpSOV1GA3FoYiD9k05i6v4KaQVmojnRgCr7d6VL1bFp13QOtXSaAWhFI9mtSY7rGElOacX6Zt7P7rPoB8T9eQ==}
         engines: {node: '>= 16.4.0'}
     
    +  '@electron-forge/plugin-fuses@7.11.1':
    +    resolution: {integrity: sha512-Td517mHf+RjQAayFDM2kKb7NaGdRXrZfPbc7KOHlGbXthp5YTkFu2cCZGWokiqt1y1wsFaAodULhqBIg7vbbbw==}
    +    engines: {node: '>= 16.4.0'}
    +    peerDependencies:
    +      '@electron/fuses': ^1.0.0
    +
       '@electron-forge/publisher-base@7.11.1':
         resolution: {integrity: sha512-rXE9oMFGMtdQrixnumWYH5TTGsp99iPHZb3jI74YWq518ctCh6DlIgWlhf6ok2X0+lhWovcIb45KJucUFAQ13w==}
         engines: {node: '>= 16.4.0'}
    @@ -2382,6 +2394,11 @@ packages:
         engines: {node: '>=10.12.0'}
         hasBin: true
     
    +  '@electron/fuses@2.1.1':
    +    resolution: {integrity: sha512-38ho27/mtUV/LpsZ1LCDJUomKBBSUZDk/qBH4FNNtoN5fmnkmWDcIp5pm1Kv3InqhRjKZKs7Jzx+wWZNMArHrA==}
    +    engines: {node: '>=22.12.0'}
    +    hasBin: true
    +
       '@electron/get@2.0.3':
         resolution: {integrity: sha512-Qkzpg2s9GnVV2I2BjRksUi43U5e6+zaQMcjoJy0C+C5oxaKl+fmckGDQFtRpZpZV0NQekuZZ+tGz7EA9TVnQtQ==}
         engines: {node: '>=12'}
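
Review bot: The new `'@electron/fuses@2.1.1'` entry carries `engines: {node: '>=22.12.0'}`, a much higher floor than the neighbouring entries in this hunk (`'>=10.12.0'` and `'>=12'`). Check that every environment that runs the desktop build, CI and release runners included, is on Node 22.12 or later, and document that requirement next to the build instructions.
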
    @@ -16058,6 +16075,8 @@ snapshots:
           '@ckeditor/ckeditor5-core': 47.4.0
           '@ckeditor/ckeditor5-upload': 47.4.0
           ckeditor5: 47.4.0
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-ai@47.4.0(bufferutil@4.0.9)(utf-8-validate@6.0.5)':
         dependencies:
    @@ -16198,12 +16217,16 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           '@ckeditor/ckeditor5-widget': 47.4.0
           es-toolkit: 1.39.5
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-cloud-services@47.4.0':
         dependencies:
           '@ckeditor/ckeditor5-core': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-code-block@47.4.0(patch_hash=2361d8caad7d6b5bddacc3a3b4aa37dbfba260b1c1b22a450413a79c1bb1ce95)':
         dependencies:
    @@ -16396,6 +16419,8 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-editor-classic@47.4.0':
         dependencies:
    @@ -16405,6 +16430,8 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-editor-decoupled@47.4.0':
         dependencies:
    @@ -16414,6 +16441,8 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-editor-inline@47.4.0':
         dependencies:
    @@ -16447,8 +16476,6 @@ snapshots:
           '@ckeditor/ckeditor5-table': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-emoji@47.4.0':
         dependencies:
    @@ -16505,8 +16532,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-export-word@47.4.0':
         dependencies:
    @@ -16531,6 +16556,8 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    +    transitivePeerDependencies:
    +      - supports-color
     
       '@ckeditor/ckeditor5-font@47.4.0':
         dependencies:
    @@ -16666,8 +16693,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-indent@47.4.0':
         dependencies:
    @@ -16791,8 +16816,6 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-merge-fields@47.4.0':
         dependencies:
    @@ -16805,8 +16828,6 @@ snapshots:
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-minimap@47.4.0':
         dependencies:
    @@ -16815,8 +16836,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-operations-compressor@47.4.0':
         dependencies:
    @@ -16871,8 +16890,6 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-pagination@47.4.0':
         dependencies:
    @@ -16992,8 +17009,6 @@ snapshots:
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-source-editing-enhanced@47.4.0':
         dependencies:
    @@ -17041,8 +17056,6 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-table@47.4.0':
         dependencies:
    @@ -17055,8 +17068,6 @@ snapshots:
           '@ckeditor/ckeditor5-widget': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-template@47.4.0':
         dependencies:
    @@ -17131,8 +17142,6 @@ snapshots:
           '@ckeditor/ckeditor5-icons': 47.4.0
           '@ckeditor/ckeditor5-ui': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-upload@47.4.0':
         dependencies:
    @@ -17169,8 +17178,6 @@ snapshots:
           '@ckeditor/ckeditor5-engine': 47.4.0
           '@ckeditor/ckeditor5-utils': 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@ckeditor/ckeditor5-widget@47.4.0':
         dependencies:
    @@ -17190,8 +17197,6 @@ snapshots:
           '@ckeditor/ckeditor5-utils': 47.4.0
           ckeditor5: 47.4.0
           es-toolkit: 1.39.5
    -    transitivePeerDependencies:
    -      - supports-color
     
       '@codemirror/autocomplete@6.18.6':
         dependencies:
    @@ -17615,6 +17620,15 @@ snapshots:
           - bluebird
           - supports-color
     
    +  '@electron-forge/plugin-fuses@7.11.1(@electron/fuses@2.1.1)':
    +    dependencies:
    +      '@electron-forge/plugin-base': 7.11.1
    +      '@electron-forge/shared-types': 7.11.1
    +      '@electron/fuses': 2.1.1
    +    transitivePeerDependencies:
    +      - bluebird
    +      - supports-color
    +
       '@electron-forge/publisher-base@7.11.1':
         dependencies:
           '@electron-forge/shared-types': 7.11.1
    @@ -17697,6 +17711,8 @@ snapshots:
           glob: 7.2.3
           minimatch: 3.1.2
     
    +  '@electron/fuses@2.1.1': {}
    +
       '@electron/get@2.0.3':
         dependencies:
           debug: 4.4.3(supports-color@8.1.1)
    

Vulnerability mechanics

Root cause

"The Electron `RunAsNode` fuse was enabled, allowing the app to be launched in Node.js mode with the `-e` flag to execute arbitrary system commands under the app's identity, bypassing macOS TCC (Transparency, Consent, and Control) protections."

Attack vector

A local attacker runs malicious code that spawns a subprocess of the Trilium Notes Electron binary with the `-e` flag to execute arbitrary JavaScript/Node.js commands. Because macOS treats the subprocess as part of the parent application, any TCC permission prompt (e.g., for camera, microphone, screen recording, ~/Documents, ~/Downloads) appears to originate from Trilium Notes rather than the attacker's code [CWE-451]. The attacker must trick the user into running the malicious code (social engineering) and the user must approve the misleading TCC prompt [CWE-290]. No network access is required; the attack is purely local.

Affected code

The vulnerability is in the Electron configuration of the desktop app. The file `apps/desktop/electron-forge/forge.config.ts` did not set any Electron fuses, leaving the `RunAsNode` fuse enabled by default. The `apps/desktop/package.json` lacked the `@electron/fuses` and `@electron-forge/plugin-fuses` dependencies needed to configure fuses at build time.

What the fix does

The patch disables the `RunAsNode` fuse by setting `[FuseV1Options.RunAsNode]: false` in the Electron Forge configuration (`forge.config.ts`) [patch_id=804831]. This prevents the Electron binary from being used as a generic Node.js runtime, so the `-e` flag can no longer execute arbitrary code under the app's identity. The patch also disables `EnableNodeOptionsEnvironmentVariable` and `EnableNodeCliInspectArguments` to close additional Node.js-related attack surfaces, and enables `OnlyLoadAppFromAsar` and `EnableCookieEncryption` for defense-in-depth. The new `@electron/fuses` and `@electron-forge/plugin-fuses` dependencies are added to `package.json` and `pnpm-lock.yaml` to support these fuse settings.
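
A way to verify those fuse states on a built or installed binary, as an added example that is not part of the advisory or the Trilium code base: it parses the fuse wire Electron embeds in its binary (sentinel string, version byte, length byte, then one state byte per fuse, as described in Electron's fuse documentation) and compares it with the baseline from `forge.config.ts`. The function names and the two sample buffers are this example's own constructions.

```javascript
// Added example: audit an Electron binary's fuse wire against the baseline
// that the fix configures in forge.config.ts. Layout per Electron's fuse
// documentation: sentinel | version byte | length byte | one byte per fuse.
const SENTINEL = Buffer.from("dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX", "latin1");

// Fuse positions in schema V1 (order of FuseV1Options in @electron/fuses).
const FUSE_NAMES = [
    "RunAsNode", "EnableCookieEncryption",
    "EnableNodeOptionsEnvironmentVariable", "EnableNodeCliInspectArguments",
    "EnableEmbeddedAsarIntegrityValidation", "OnlyLoadAppFromAsar",
    "LoadBrowserProcessSpecificV8Snapshot", "GrantFileProtocolExtraPrivileges"
];
const STATES = { 0x30: "disabled", 0x31: "enabled", 0x72: "removed" };

// Baseline taken from the patch shown on this page.
const BASELINE = {
    RunAsNode: "disabled",
    EnableNodeOptionsEnvironmentVariable: "disabled",
    EnableNodeCliInspectArguments: "disabled",
    EnableCookieEncryption: "enabled",
    OnlyLoadAppFromAsar: "enabled"
};

// Returns one {fuseName: state} map per fuse wire found. A universal macOS
// binary carries one wire per architecture slice, so every hit is parsed.
function readFuseWires(binary) {
    const wires = [];
    let at = binary.indexOf(SENTINEL);
    while (at !== -1) {
        const header = at + SENTINEL.length;
        if (header + 2 > binary.length) break;      // file ends inside the header
        const version = binary[header];
        const count = binary[header + 1];
        const body = binary.subarray(header + 2, header + 2 + count);
        if (version === 1 && body.length === count) {
            const fuses = {};
            body.forEach((byte, i) => {
                fuses[FUSE_NAMES[i] ?? `fuse#${i}`] = STATES[byte] ?? "unknown";
            });
            wires.push(fuses);
        }
        at = binary.indexOf(SENTINEL, at + 1);
    }
    return wires;
}

// Lists every deviation from the baseline, per slice. Any state other than
// the expected one (including "removed" or "unknown") is reported for review.
function auditFuses(binary) {
    const wires = readFuseWires(binary);
    if (wires.length === 0) return ["no fuse wire found"];
    const findings = [];
    wires.forEach((fuses, slice) => {
        for (const [name, want] of Object.entries(BASELINE)) {
            const got = fuses[name] ?? "absent";
            if (got !== want) findings.push(`slice ${slice}: ${name} is ${got}, expected ${want}`);
        }
    });
    return findings;
}

// Constructed sample wires (not extracted from any real build).
const sample = (states) => Buffer.concat([
    Buffer.from("padding"), SENTINEL, Buffer.from([1, states.length]),
    Buffer.from(states, "latin1"), Buffer.from("padding")
]);
const unfused = sample("10110001");   // no fuses flipped: RunAsNode enabled
const hardened = sample("01000101");  // the states the patch configures
console.log(auditFuses(unfused), auditFuses(hardened));
```

On macOS the wire sits in the framework binary inside the bundle (`Contents/Frameworks/Electron Framework.framework/Electron Framework`); pass that file's bytes from `fs.readFileSync` to `auditFuses`. An empty result means the installed build matches the patched configuration.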

Preconditions

  • input: Attacker must be able to execute arbitrary code on the local macOS system (e.g., via a downloaded script or bundled malware).
  • auth: User must approve the misleading macOS TCC permission prompt when it appears.
  • config: Trilium Notes must be installed with the vulnerable Electron configuration (RunAsNode fuse enabled), which is the default in versions 0.102.1 and prior.

Generated on May 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
