Severity: High (CVSS 8.7)

Affected Systems: Affected products listed in the NVD and vendor advisory

Overview

Shell command injection in Logseq

A high-severity vulnerability identified as CVE-2026-9279 has been disclosed.

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. An allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), but the argument string is concatenated onto the command name and the result is passed to `child_process.spawn` with the `shell: true` option. The platform shell then parses the whole string, so shell metacharacters in the arguments (`;`, `|`, `&&`, `$(...)`) start additional commands that were never compared against the allowlist. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin) can therefore execute arbitrary shell commands with the privileges of the Logseq process, leading to remote code execution on the host.
Only version v0.10.15 was tested and confirmed vulnerable; the status of other versions is unknown, since this issue has not been addressed by a patch.

Risk

CVSS and CISA data indicate the following:

  • CVSS v4.0 base score 8.7 (High); no CVSS v3.x or v2 score is published
  • Not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog; no EPSS or SSVC data is available
  • Exploitation requires JavaScript execution in the Logseq renderer (for example via XSS or a malicious plugin); from there, commands run with the privileges of the Logseq process
  • Review the NVD and vendor advisory for exploit conditions and impact

OpenCVE Analysis

  • CVSS v4.0: 8.7 (High)
  • CVSS v3.1: N/A
  • CVSS v3.0: N/A
  • CVSS v2: N/A
  • KEV: no
  • EPSS: no
  • SSVC: no

  • OpenCVE title: Shell command injection in Logseq
  • Severity score: High (CVSS 8.7)
  • Weaknesses: CWE-78 (Improper Neutralization of Special Elements used in an OS Command, "OS Command Injection")

Required Action

Review the linked vendor and NVD advisory, then apply the vendor-provided update or mitigation for the affected product once one is available. At the time of writing no patch addressing this issue has been published, so the temporary mitigations below apply.

Prioritize hosts where Logseq opens graphs or content from untrusted sources, has third-party plugins installed, or runs with elevated privileges, since the attacker needs JavaScript execution in the renderer and inherits the privileges of the Logseq process.

Verify Updates

Confirm whether Logseq is installed in your environment, and at which version; v0.10.15 is the only version confirmed vulnerable, and other versions should be treated as potentially affected until the vendor states otherwise.

After remediation, verify the installed version against the fixed or unaffected versions listed by the vendor once they are published.

Temporary Mitigation (if patch is not available)

Use the mitigation published by the vendor. If no vendor mitigation is available, reduce the attacker's chances of reaching the renderer: remove or disable plugins that are not from trusted sources, avoid opening graphs or pages from untrusted sources, run Logseq under an unprivileged user account rather than with elevated privileges, and increase monitoring of hosts running Logseq (in particular for unexpected child processes spawned by it) until an update can be applied.

Recommendation

  • Use OpenCVE, vendor, and source references as the source of truth for affected versions and remediation
  • Patch or mitigate affected products after confirming exposure in your environment
  • Monitor affected systems for unusual activity until remediation is complete

Support

If you require assistance, please contact our support team.

Immediate action is strongly recommended to protect your infrastructure.

Source Details

Tuesday, June 9, 2026