A critical-rated path traversal vulnerability in Joplin’s OneNote importer allows attackers to overwrite arbitrary files on disk, including sensitive system files. It could ultimately lead to remote code execution on affected systems.
Millions of users relying on the popular open-source note-taking application Joplin are at risk following the disclosure of CVE-2026-22810, a high-severity path traversal vulnerability embedded in the application’s OneNote import functionality.
Published on May 15, 2026, under GitHub Security Advisory GHSA-gcmj-c9gg-9vh6, the flaw carries a CVSS v3.1 score of 8.2 (High). It affects all Joplin desktop versions from 3.2.2 through 3.5.6, that is, every version that has ever shipped with a OneNote importer.
At its core, CVE-2026-22810 is a CWE-24 path traversal flaw, specifically a '../filedir' traversal weakness rooted in the @joplin/onenote-converter package and the associated Rust-based one2html library.
Joplin Path Traversal Flaw
The vulnerability exists because Joplin’s OneNote converter fails to sanitize the filenames of embedded files parsed from .one files before writing them to disk.
When a user imports a OneNote export (.one file) into Joplin, the application parses embedded file metadata and writes those files to the local filesystem using the filenames extracted directly from the archive.
The vulnerable code in embedded_file.rs constructs target file paths by naively joining the output directory with the attacker-controlled filename string without stripping or neutralizing ../../ sequences.
The result: a threat actor can craft a malicious .one file that embeds filenames like ../../.bashrc or ../../etc/cron.d/backdoor, which are then interpreted as traversal paths during extraction, silently overwriting files well outside the intended output directory.
The vulnerable logic in embedded_file.rs (lines 13–16) is straightforward but devastating:
```rust
// Vulnerable excerpt from embedded_file.rs as quoted in the advisory: the
// filename comes straight out of the .one file and is joined onto the output
// directory with no normalization or traversal check before the write.
let filename = self.determine_filename(file.filename())?;
let path = fs_driver().join(self.output.as_str(), filename.as_str());
log!("Rendering embedded file: {:?}", path);
fs_driver().write_file(&path, file.data())?;
```
The determine_filename() function passes through the filename parsed from the .one file without any path normalization or directory escape prevention.
This means the path-joining operation blindly accepts traversal sequences embedded in the attacker-supplied string. This logic was introduced as far back as commit 4d7fa59 in Joplin 3.2.2, the very first version to include the OneNote importer, meaning the flaw has existed since the feature’s inception.
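To make the defect concrete, the following Rust example (added here for illustration; it is not Joplin's or one2html's code, and `join_naive`, `safe_output_path`, `sanitize_to_basename` and `PathError` are hypothetical names) places the naive join described above beside two hardened alternatives. The first rejects any embedded-file name that is absolute or contains a `..` component, so the import fails closed; the second keeps only the final ordinary path component, which is the kind of neutralization the advisory attributes to the fix. The sample filenames in `main` are constructed, and the output directory `/tmp/joplin-out` is an assumption.

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons an embedded-file name is rejected before it reaches the filesystem.
#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    Empty,
    Absolute,
    Traversal,
}

/// The pattern the advisory describes: the attacker-controlled name is joined
/// onto the output directory as-is, so "../../.bashrc" walks out of it.
/// (Illustrative stand-in for the real fs_driver().join(); not Joplin code.)
pub fn join_naive(output_dir: &str, filename: &str) -> PathBuf {
    Path::new(output_dir).join(filename)
}

/// Hardened variant: accept only a name made of ordinary components.
/// RootDir / Prefix (absolute paths) and ParentDir ("..") are rejected outright;
/// a bare "." or "" is treated as empty. Because only Normal components can
/// survive, the join cannot leave `output_dir`; the final `starts_with` check
/// is belt-and-braces so a later refactor cannot silently weaken this.
pub fn safe_output_path(output_dir: &str, filename: &str) -> Result<PathBuf, PathError> {
    let mut normal_parts = 0usize;
    for component in Path::new(filename).components() {
        match component {
            Component::Normal(_) => normal_parts += 1,
            Component::CurDir => {}
            Component::ParentDir => return Err(PathError::Traversal),
            Component::RootDir | Component::Prefix(_) => return Err(PathError::Absolute),
        }
    }
    if normal_parts == 0 {
        return Err(PathError::Empty);
    }
    let base = Path::new(output_dir);
    let joined = base.join(filename);
    if !joined.starts_with(base) {
        return Err(PathError::Traversal);
    }
    Ok(joined)
}

/// Alternative policy for importers that would rather keep the attachment than
/// abort the whole import: discard every directory part and keep only the last
/// ordinary component, so "../../.bashrc" becomes ".bashrc" inside the output dir.
/// Returns None when nothing usable remains (e.g. "../..").
pub fn sanitize_to_basename(filename: &str) -> Option<String> {
    Path::new(filename)
        .components()
        .filter_map(|c| match c {
            Component::Normal(part) => Some(part.to_string_lossy().into_owned()),
            _ => None,
        })
        .last()
}

fn main() {
    // Constructed sample names of the kind a malicious .one file could carry.
    let samples = ["diagram.png", "../../.bashrc", "/etc/cron.d/task", "./notes/a.txt", ""];
    for name in samples {
        println!(
            "{:?}: naive={:?} safe={:?} basename={:?}",
            name,
            join_naive("/tmp/joplin-out", name),
            safe_output_path("/tmp/joplin-out", name),
            sanitize_to_basename(name),
        );
    }
}
```

Which policy to pick is a product decision: rejecting is simpler to reason about and surfaces tampered files to the user, while basename-only sanitization keeps the import working at the cost of silently renaming anything odd. Either way the check belongs before the write, and the `starts_with` guard on the joined path is cheap insurance against a future change that reintroduces a raw join.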
Researcher msiemens, credited with discovering the vulnerability, demonstrated a working proof-of-concept (PoC) tested on Fedora Linux 43 using Joplin 3.4.12 and 3.5.6. The PoC .one file successfully overwrote Joplin’s own log.txt with arbitrary binary content (a WAV file), confirming the traversal path execution.
The researcher further noted that with a more carefully crafted payload, an attacker could overwrite .bashrc on Linux, enabling persistent code execution on the next shell session.
The vulnerability scores CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, reflecting a serious but locally-triggered attack chain.
| CVSS Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| Overall Score | 8.2 (High) |
While the attack vector is local, requiring the victim to import a malicious .one file manually, the exploitation complexity is remarkably low once user interaction is achieved.
Social engineering tactics, such as phishing emails claiming to contain “shared OneNote notebooks,” could readily serve as the delivery mechanism, making this a realistic threat in enterprise environments where Joplin is deployed for team note management.
Affected Versions
This vulnerability impacts three separate packages:
| Package | Ecosystem | Affected Versions | Patched Version |
|---|---|---|---|
| @joplin/app-desktop | npm | 3.2.2 – 3.5.6 | 3.5.7 |
| @joplin/onenote-converter | npm | ≤ 3.5.1 | None listed |
| one2html | Rust (crates.io) | ≤ 1.3.0 | None listed |
Remediation
The Joplin project has addressed the vulnerability in Joplin v3.5.7 in commit 7916684, which implements proper path sanitization to neutralize ../ sequences before the target filename is constructed. The one2html Rust library received a parallel fix in commit 948d65c in the msiemens/one2html repository.
Immediate recommended actions:
- Update Joplin Desktop to version 3.5.7 or later without delay. This is the only fully patched release.
- Avoid importing untrusted .one files from unknown or unverified sources until patching is confirmed.
- Audit recent OneNote imports on shared or enterprise Joplin deployments for unexpected file modifications in user home directories.
- Developers using @joplin/onenote-converter or one2html as dependencies should track upstream patch releases and pin to non-vulnerable versions immediately.
The real-world impact of CVE-2026-22810 extends beyond a simple file overwrite. By targeting shell initialization files (.bashrc, .zshrc, .profile) or cron job directories, an attacker who successfully delivers a malicious .one file can establish persistent remote code execution on the victim’s system without triggering any conventional exploit mitigations.
On multi-user systems or CI/CD pipelines that automate Joplin imports, the blast radius could be significantly larger. The Changed Scope indicator in the CVSS score specifically reflects this: a successful exploit breaks out of Joplin’s process boundary and affects the broader operating system environment.
FAQ
Q1: Which versions of Joplin are vulnerable to CVE-2026-22810?
All Joplin Desktop versions from 3.2.2 through 3.5.6 that include the OneNote importer are affected, and users must upgrade to version 3.5.7 or later for full protection.
Q2: Can CVE-2026-22810 lead to remote code execution?
Yes, while the initial attack vector is local and requires user interaction (importing a malicious .one file), overwriting files like .bashrc or cron entries can chain into persistent remote code execution.
Q3: Is a public proof-of-concept exploit available for this vulnerability?
Yes, researcher msiemens published a working PoC demonstrating arbitrary file overwriting on Fedora Linux, confirmed against Joplin versions 3.4.12 and 3.5.6.
Q4: Does the vulnerability affect Windows and macOS users, or only Linux?
The PoC was tested on Linux, but the path-traversal flaw exists in cross-platform code; Windows and macOS users running affected Joplin versions are also at risk of file overwrites in accessible directories.