CVE-2026-14722
HIGHtiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection
Title source: cnaDescription
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used.
References (6)
Core 6
Core References
Vdb Entry vdb-entry
VDB-376309 | tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection
https://vuldb.com/vuln/376309
Signature, Permissions Required signature
permissions-required
VDB-376309 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376309/cti
Third Party Advisory third-party-advisory
CVE-2026-14722 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14722
Third Party Advisory third-party-advisory
Submit #847648 | tiddly-gittly TidGi Desktop 0.13.0 TidGi Desktop 0.13.0 Remote Code Execution via Untrusted TiddlyW
https://vuldb.com/submit/847648
Exploit exploit
https://github.com/tiddly-gittly/TidGi-Desktop/security/advisories/GHSA-9hc2-hjx8-q6pv
Product product
https://github.com/tiddly-gittly/TidGi-Desktop/
Scores
CVSS v3
7.3
EPSS
0.0032
EPSS Percentile
23.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
CWE-94
Status
published
Products (13)
tiddly-gittly/TidGi-Desktop
0.1
tiddly-gittly/TidGi-Desktop
0.10
tiddly-gittly/TidGi-Desktop
0.11
tiddly-gittly/TidGi-Desktop
0.12
tiddly-gittly/TidGi-Desktop
0.13.0
tiddly-gittly/TidGi-Desktop
0.2
tiddly-gittly/TidGi-Desktop
0.3
tiddly-gittly/TidGi-Desktop
0.4
tiddly-gittly/TidGi-Desktop
0.5
tiddly-gittly/TidGi-Desktop
0.6
... and 3 more
Published
Jul 05, 2026
Tracked Since
Jul 05, 2026