CVE Catalog

CVE-2026-14722

HighCVSS 7.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability was found in TidGi-Desktop up to version 0.13.0 in the Git Repository Import component. An unknown function in loadWikiTiddlersWithSubWikis.ts allows remote code injection. The exploit has been made public.

Risk Assessment

An attacker can remotely execute arbitrary code on the victim's system, leading to full compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately update TidGi-Desktop to the latest version after 0.13.0 and restrict access to the Git repository import feature to trusted sources only.

Original NVD description (English source)

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS