HIGH | CVE-2026-9279 | CNA: CERT-PL

CVE-2026-9279: Shell command injection in Logseq

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concatenated with the command and passed to `child_process.spawn` with the `shell: true` option, allowing shell metacharacters in the arguments to bypass the allowlist. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin) can execute arbitrary shell commands with the privileges of the Logseq process, leading to remote code execution on the host. While only version v0.10.15 was tested and confirmed as vulnerable, the status of other versions is unknown since this issue was not addressed by a patch.
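
The pattern described above beside a hardened form, as an added example that is not Logseq's code: the function names and the sample argument are constructed, and `grep` stands in for any allowlisted command.

```javascript
// Added illustration; function names and sample input are hypothetical, not Logseq code.
const { spawnSync } = require('child_process');

// Command names the advisory lists as allowlisted.
const ALLOWED = new Set(['git', 'pandoc', 'grep']);

// Pattern from the advisory: only the command name is checked, then the
// name and the argument string are joined and handed to a shell.
function runVulnerable(command, argString) {
  if (!ALLOWED.has(command)) throw new Error(`command not allowed: ${command}`);
  const r = spawnSync(`${command} ${argString}`, { shell: true, encoding: 'utf8' });
  return r.stdout || '';
}

// Hardened form: arguments arrive as an array and go straight to the
// program, so no shell ever parses them.
function runHardened(command, args) {
  if (!ALLOWED.has(command)) throw new Error(`command not allowed: ${command}`);
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new TypeError('args must be an array of strings');
  }
  const r = spawnSync(command, args, { shell: false, encoding: 'utf8' });
  return r.stdout || '';
}

// Constructed input: a harmless marker placed after a shell command separator.
const SAMPLE_ARGS = '-c x /dev/null; echo INJECTED';

function demo() {
  return {
    // The shell splits at ';' and runs a second command the allowlist never saw.
    vulnerable: runVulnerable('grep', SAMPLE_ARGS),
    // The same text is one literal file name to grep; nothing else runs.
    hardened: runHardened('grep', ['-c', 'x', '/dev/null; echo INJECTED']),
  };
}

console.log(demo());
```

Passing an argument array removes shell parsing only; each allowlisted command still needs its own validation of which options and paths it accepts.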

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1

HarborGuard Analysis

Synopsis

Shell command injection in Logseq allows an attacker with JavaScript execution in the renderer process to run arbitrary shell commands on the host. The CVSS vector (AV:L/PR:N/UI:N) indicates the attacker needs an existing foothold in the renderer, such as through a cross-site scripting flaw or a malicious plugin, but requires no authentication and no victim interaction beyond having Logseq running. Successful exploitation gives the attacker full code execution with the privileges of the Logseq process, including read and write access to the host filesystem and any connected systems in scope. No upstream fix has been published; HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is released.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: CVE-2026-9279 is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Logseq at any affected version.

Status: Available

Triage

HarborGuard scores this CVE at 8.7 HIGH using the CVSS v4.0 vector and weights that score against each customer environment's compliance policy to determine urgency and routing. Triage findings are surfaced to the appropriate team inbox inside each customer organization based on policy configuration.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the interim, customers with auto-remediation enabled will receive compensating-control guidance through the HarborGuard remediation workflow.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell, process, or code-execution foothold on the host (or in the renderer context); no over-the-network path to the vulnerable handler is required.

  • Authentication: Not required

    No credentials or account are required; the IPC handler is reachable from any JavaScript context running inside the Logseq renderer.

  • Victim interaction: Not required

    No victim action is needed beyond Logseq already running; the attacker's injected JavaScript reaches the IPC handler without any additional user gesture.

  • Attack complexity: Detail

    Attack complexity is low (AC:L), though the CVSS vector records an attack requirement as present (AT:P), meaning specific conditions such as a loaded plugin surface or an XSS entry point must exist before the injection path is reachable.

Blast Radius

  • Attacker executes arbitrary shell commands with the full OS-level privileges of the Logseq process, including spawning new processes and writing executable files to disk.
  • Any files readable by the Logseq user account, including notes, tokens, SSH keys, and browser cookies stored on the host, are exposed.
  • Attacker can write or overwrite files in the user's home directory and any mounted paths accessible to the Logseq process.
  • Downstream systems reachable from the host (SC:H/SI:H) are also in scope; the attacker can pivot to network shares, cloud credential files, or other services the host has access to.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch exists for CVE-2026-9279, HarborGuard monitors this advisory on every ingest cycle and will automatically surface a patched-image rebuild the moment CERT-PL or the Logseq project publishes a fix. While no fix is available, customers are encouraged to apply compensating controls: restrict Logseq plugin installation to a verified allowlist via network policy or MDM configuration, apply egress filtering on hosts running Logseq to limit lateral movement from any shell command that is executed, and consider feature-flag gating or disabling IPC-exposed shell integrations (git, pandoc, grep wrappers) if those workflows are not operationally required. For environments with auto-remediation enabled, a rebuilt image and regression test run will be triggered and a PR opened against affected workloads as soon as an upstream fix version is published.

Affected packages
  • logseq / logseq
    ≤ 0.10.15
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N