High

Arbitrary File Access via Exposed IPC Method in Logseq Electron Preload Script

IdentifiersCVE-2026-47899CWE-749· Exposed Dangerous Method or Function

CVE-2026-47899 affects Logseq's Electron application. The Electron preload script exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. If an attacker obtains JavaScript execution in the renderer context, they can abuse this exposed functionality to perform filesystem operations on attacker-chosen paths. The reported consequence is arbitrary file read, write, and deletion on the local system. The issue was confirmed on Logseq v0.10.15; the status of other versions is unknown because the issue had not been addressed by a patch at the time of disclosure.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an attacker with renderer-context JavaScript execution to access arbitrary files on the victim system, including reading sensitive local data, overwriting files, and deleting files. This creates high confidentiality and integrity impact on the host running Logseq and may also enable follow-on compromise depending on what files are accessible to the Logseq process.

Mitigation

If you can’t patch tonight, do this now.

Until a vendor fix is available, reduce exposure by preventing untrusted JavaScript execution in the renderer. In practice, avoid installing untrusted plugins, disable or tightly control plugin use where possible, and reduce XSS exposure in Logseq content and workflows. Treat any capability that grants renderer JavaScript execution as a path to local filesystem compromise.

Remediation

Patch, then assume compromise.

No patch is described in the provided content. Logseq v0.10.15 was tested and confirmed vulnerable, and other versions may also be affected but were not confirmed. The appropriate remediation is to apply a vendor security update once Logseq releases a fix that removes or restricts the exposed preload API and enforces proper path validation on IPC-invoked filesystem operations.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

LogseqLogseqapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

cvefeed high severityNews

Jun 9, 2026

CVE-2026-47899 - Arbitrary File Read, Write, Rename, and Delete in Logseq

A Logseq Electron preload-script vulnerability that allows a renderer process with JavaScript execution to invoke IPC handlers without proper path validation, enabling arbitrary file read, write, or deletion on the user's system.

cert polskaNews

Jun 1, 2026

Vulnerabilities in Logseq software | CERT Polska

A dangerous method exposure / improper path validation issue in Logseq's Electron preload script that allows arbitrary file read, write, or deletion on the user's system.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-47899

NVD

nvd.nist.gov/vuln/detail/CVE-2026-47899

MITRE CWE · CWE-749

Exposed Dangerous Method or Function

cert.pl

cert.pl/en/posts/2026/06/CVE-2026-9279

logseq.com