CNNVD-202602-946 Information
CNNVD ID
CNNVD-202602-946
Related CVE
-
CNNVD Published
2026-02-06
Description
Trilium Notes is a hierarchical note-taking application by the individual developer Zadam, focused on building large personal knowledge bases. Versions of Trilium Notes before 0.101.0 contain a security vulnerability that stems from a critical timing attack in the sync authentication endpoint, which may allow an unauthenticated remote attacker to recover the HMAC authentication hash byte by byte through statistical timing analysis, thereby completely bypassing authentication.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/TriliumNext/Trilium/pull/8129
https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hxf6-58cx-qq3x
https://access.redhat.com/security/cve/cve-2025-68621