How is CVE-2026-47899 exploited?

Network reachability (not-required): The attacker needs an existing shell or process on the host, or the ability to execute JavaScript inside the Logseq renderer (for example through a plugin or XSS); no network-level access to the service is required. Authentication (not-required): No credentials or account privileges are required; any JavaScript execution context inside the renderer is sufficient to invoke the vulnerable IPC handlers. Victim interaction (not-required): No victim interaction is required once the attacker has JavaScript execution in the renderer; the IPC call is made programmatically without any user gesture. Attack complexity (info): Attack complexity is low in terms of exploit mechanics, though AT:P indicates that specific target conditions (such as a loaded plugin or an XSS entry point) must be present in the environment.

What is the impact of CVE-2026-47899?

Reads arbitrary files from the user's filesystem, including credentials, private keys, configuration files, and documents stored anywhere the OS user account can access. Writes or overwrites arbitrary files, enabling an attacker to plant malicious content, replace binaries, or corrupt application data. Modifies or deletes files in other security contexts beyond the Logseq application itself, potentially affecting system integrity outside the app boundary. Affects both the local security context and subsequent security contexts (SC:H, SI:H), meaning damage can propagate to data or processes that depend on the tampered files.

Back to search

HIGHCVE-2026-47899Published 2026-06-09Modified 2026-06-09CNA CERT-PL

CVE-2026-47899: Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin), can read, write, or delete arbitrary files on the user's system. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An arbitrary file read, write, rename, and delete vulnerability exists in Logseq's Electron preload script. The vulnerability is reachable locally without authentication: any JavaScript executing inside the renderer process (for example via a cross-site scripting payload or a malicious plugin) can invoke unvalidated IPC handlers to reach the host filesystem. Successful exploitation gives an attacker full read and write access to arbitrary files on the user's system, as well as the ability to modify or delete files in other security contexts. No fix version has been published; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as a fix is released.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI pipelines, including custom-built Electron-based images that bundle Logseq. Coverage applies to both tagged releases and internally assembled images that pin an affected version.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 8.7 (HIGH) and weighting it against each environment's compliance policy before routing it to the appropriate team inbox. Per-environment policy configuration determines escalation priority and notification targets.

Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Pending upstream

Exploit Conditions

Network reachabilityNot required
The attacker needs an existing shell or process on the host, or the ability to execute JavaScript inside the Logseq renderer (for example through a plugin or XSS); no network-level access to the service is required.
AuthenticationNot required
No credentials or account privileges are required; any JavaScript execution context inside the renderer is sufficient to invoke the vulnerable IPC handlers.
Victim interactionNot required
No victim interaction is required once the attacker has JavaScript execution in the renderer; the IPC call is made programmatically without any user gesture.
Attack complexityDetail
Attack complexity is low in terms of exploit mechanics, though AT:P indicates that specific target conditions (such as a loaded plugin or an XSS entry point) must be present in the environment.

Blast Radius

Reads arbitrary files from the user's filesystem, including credentials, private keys, configuration files, and documents stored anywhere the OS user account can access.
Writes or overwrites arbitrary files, enabling an attacker to plant malicious content, replace binaries, or corrupt application data.
Modifies or deletes files in other security contexts beyond the Logseq application itself, potentially affecting system integrity outside the app boundary.
Affects both the local security context and subsequent security contexts (SC:H, SI:H), meaning damage can propagate to data or processes that depend on the tampered files.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch exists for CVE-2026-47899, the platform monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment Logseq publishes a fix. In the meantime, customers can apply compensating controls through HarborGuard policy: flag any image bundling logseq at or below v0.10.15 as non-compliant, enforce network-policy isolation to limit what the container can reach if Logseq is containerized, and restrict untrusted plugin loading at the OS or container entrypoint level. For customers with auto-remediation enabled, a rebuild, regression test run, and PR against affected workloads will be initiated automatically once a fix version is published upstream. Customers who manage their own plugin allowlists should treat any unvetted Logseq plugin as a potential privilege escalation path until the IPC validation flaw is patched.

See how HarborGuard automates this

Affected packages

logseq / logseq
≤ 0.10.15

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

References

Metrics

Get notified