CVE-2026-14722

HIGH

tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection

Title source: cna
STIX 2.1

Description

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used.

References (6)

Core 6
Core References
Vdb Entry vdb-entry
VDB-376309 | tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection
https://vuldb.com/vuln/376309
Signature, Permissions Required signature permissions-required
VDB-376309 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376309/cti
Third Party Advisory third-party-advisory
CVE-2026-14722 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14722
Third Party Advisory third-party-advisory
Submit #847648 | tiddly-gittly TidGi Desktop 0.13.0 TidGi Desktop 0.13.0 Remote Code Execution via Untrusted TiddlyW
https://vuldb.com/submit/847648

Scores

CVSS v3 7.3
EPSS 0.0032
EPSS Percentile 23.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-94
Status published
Products (13)
tiddly-gittly/TidGi-Desktop 0.1
tiddly-gittly/TidGi-Desktop 0.10
tiddly-gittly/TidGi-Desktop 0.11
tiddly-gittly/TidGi-Desktop 0.12
tiddly-gittly/TidGi-Desktop 0.13.0
tiddly-gittly/TidGi-Desktop 0.2
tiddly-gittly/TidGi-Desktop 0.3
tiddly-gittly/TidGi-Desktop 0.4
tiddly-gittly/TidGi-Desktop 0.5
tiddly-gittly/TidGi-Desktop 0.6
... and 3 more
Published Jul 05, 2026
Tracked Since Jul 05, 2026