CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-62GX-5Q78-WRVX

GHSA-62GX-5Q78-WRVX: Authenticated Path Traversal in obsidian-local-rest-api

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 15, 2026·5 min read·6 visits

Executive Summary (TL;DR)

Authenticated path traversal allows arbitrary host filesystem read, write, and deletion via URL-encoded characters due to improper path resolution logic.

The obsidian-local-rest-api plugin prior to version 4.1.3 is vulnerable to an authenticated path traversal flaw in its /vault/{path} endpoints. An authenticated attacker can bypass the vault root boundary using URL-encoded directory traversal sequences to perform unauthorized operations on the host filesystem.

Vulnerability Overview

The NPM package and Obsidian community plugin obsidian-local-rest-api provides a secure REST API and Model Context Protocol (MCP) server for local or remote interaction with an Obsidian vault.

Prior to version 4.1.3, the plugin exposes an authenticated path traversal vulnerability in its /vault/{path} endpoints. This vulnerability is classified under CWE-22, denoting improper limitation of a pathname to a restricted directory.

An authenticated attacker possessing a valid REST API bearer token can escape the restricted sandbox of the Obsidian vault root. This allows the attacker to interact with the underlying host filesystem using the privileges of the active user executing the Obsidian application.

The attack surface is exposed via several standard REST API endpoints. These endpoints handle resource retrieval, modification, deletion, and relocation.

Root Cause Analysis

The vulnerability stems from the processing pipeline applied to the request URL path in the Express web framework combined with custom path decoding.

When a client issues an HTTP request containing percent-encoded slashes, the routing layer in Express does not interpret those encoded characters as path delimiters. Consequently, a URI path such as /vault/..%2Fetc%2Fpasswd is successfully routed to the handler for /vault/:path as a single parameter.

The application subsequently executes a substring operation to strip the initial route segment. The remaining string segment is then processed using the standard decodeURIComponent utility.

Decoding translates the percent-encoded sequences into raw directory traversal sequences. The resulting unsanitized file path is passed directly to the filesystem adapter without further validation.

Code Analysis

In vulnerable versions (4.1.2 and below), the route handlers inside src/requestHandler.ts extract user input paths directly from the request properties without validation.

async vaultGet(req: express.Request, res: express.Response): Promise<void> {
  const path = decodeURIComponent(
    req.path.slice(req.path.indexOf("/", 1) + 1),
  );
 
  return this._vaultGet(path, req, res);
}

The implementation extracts the path string and decodes it immediately before invoking the private _vaultGet helper. The system lacks any logical checks to ensure that the resolved path does not traverse above the parent vault directory.

To resolve this flaw, the maintainer introduced the extractVaultPath sanitization helper in version 4.1.3.

private extractVaultPath(req: express.Request, res: express.Response): string | null {
  let decoded: string;
  try {
    decoded = decodeURIComponent(req.path.slice(req.path.indexOf("/", 1) + 1));
  } catch {
    this.returnCannedResponse(res, { errorCode: ErrorCode.PathTraversalNotAllowed });
    return null;
  }
  const syntheticRoot = "/vault";
  const resolved = posix.resolve(syntheticRoot, decoded);
  if (resolved !== syntheticRoot && !resolved.startsWith(syntheticRoot + "/")) {
    this.returnCannedResponse(res, { errorCode: ErrorCode.PathTraversalNotAllowed });
    return null;
  }
  return decoded;
}

The updated implementation resolves the decoded path against a synthetic root (/vault) using the posix.resolve algorithm. It then explicitly checks whether the resolved path either matches the synthetic root or remains within its subdirectories. This design stops traversal strings from referencing files outside the vault.

Exploitation Methodology

Exploitation requires the attacker to possess a valid Bearer token, which must be supplied in the Authorization header of each HTTP request.

Once authenticated, an attacker can craft a target URI containing multiple percent-encoded traversal sequences (..%2F) to reach the root of the host operating system.

The following HTTP transaction demonstrates how an attacker can leverage a GET request to retrieve the host configuration file on a Unix-based system:

GET /vault/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1
Host: 127.0.0.1:8000
Authorization: Bearer <VALID_BEARER_TOKEN>
Accept: */*

If the application is vulnerable, the backend decodes the parameter to ../../../../../../../../../../../../../../../../../../../../etc/passwd and returns the file content with an HTTP 200 status code.

Write operations are similarly executed by leveraging PUT or POST methods against the directory traversal endpoints. An attacker can write script payloads directly to critical system shell configurations, such as .bashrc or .bash_profile, to achieve remote code execution when the local user opens a terminal session.

Impact Assessment

The impact of this vulnerability is critical due to the potential for arbitrary file write and subsequent execution on the host machine.

Because the REST API handles PUT, POST, DELETE, and MOVE requests, an attacker can modify files on the operating system with the permissions of the user running Obsidian.

When calculating CVSS severity, the vector depends on the network exposure of the API listener. If the listener is bound strictly to the local loopback interface, the CVSS 3.1 vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H resulting in a High severity score of 8.2.

However, if the REST API port is exposed to a local area network or accessed via a cross-site scripting/DNS rebinding attack vector, the CVSS 3.1 vector evaluates to CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, producing a Critical severity score of 9.1.

Remediation and Detection Guidance

The primary remediation strategy is upgrading the obsidian-local-rest-api plugin to version 4.1.3 or higher. This update replaces the vulnerable path parsing logic with the sanitized extractVaultPath resolution checks.

System administrators and security teams can deploy Snort rules to detect traversal patterns in HTTP requests targeting ports commonly used by this plugin.

alert tcp any any -> any [8000,8443] (msg:"Obsidian Local REST API Path Traversal Attempt (GHSA-62gx-5q78-wrvx)"; flow:to_server,established; content:"/vault/"; http_uri; content:"..%2F"; nocase; http_uri; sid:1000001; rev:1;)

Network detection should look for the literal string /vault/ followed by URL-encoded directory traversal signatures (..%2F or ..%2f). Additionally, logs containing HTTP requests can be monitored for the presence of these encoded characters in the requested path parameters.

Technical Appendix

CVSS Score
9.1/ 10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Systems

obsidian-local-rest-api NPM packageobsidian-local-rest-api Obsidian community plugin

Affected Versions Detail

Product
Affected Versions
Fixed Version
obsidian-local-rest-api
coddingtonbear
< 4.1.34.1.3
AttributeDetail
CWE IDCWE-22
Attack VectorNetwork / Local
CVSS Score9.1 (Critical)
ImpactArbitrary File Read, Write, Append, Deletion, and Remote Code Execution
Exploit StatusPoC Documented
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1083File and Directory Discovery
Discovery
T1059.004Command and Scripting Interpreter: Unix Shell
Execution
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize elements within the pathname that can resolve to a location outside of the restricted directory.

References & Sources

  • [1]GitHub Security Advisory GHSA-62GX-5Q78-WRVX
  • [2]GitHub Repository for obsidian-local-rest-api
  • [3]Release v4.1.3 of obsidian-local-rest-api
  • [4]Code Diff between v4.1.2 and v4.1.3

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•33 minutes ago•GHSA-XG43-5579-QW6V
7.5

GHSA-XG43-5579-QW6V: Uncontrolled Resource Consumption (Decompression Bomb) in adawolfa/isdoc

A high-severity vulnerability exists in the adawolfa/isdoc PHP library before versions 1.4.1 and 2.0.0. The library fails to restrict or validate the sizes of files extracted from untrusted Zip archives (.isdocx container files) or PDF embedded streams. This allows remote attackers to perform decompression bomb attacks, causing denial of service via memory or disk exhaustion.

Alon Barad
Alon Barad
1 views•7 min read
•about 2 hours ago•GHSA-R3HX-X5RH-P9VV
9.8

GHSA-R3HX-X5RH-P9VV: Remote Code Execution via Unsafe Deserialization in django-haystack

A critical remote code execution vulnerability exists in django-haystack prior to version 3.4.0. The vulnerability stems from the Elasticsearch 1.x search backend incorrectly processing aliased search result fields, leading to the unsafe execution of user-supplied strings using Python's built-in eval() function.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 6 hours ago•CVE-2026-50552
6.3

CVE-2026-50552: Server-Side Request Forgery via Validation Bypass in Koel

An authenticated Server-Side Request Forgery (SSRF) vulnerability in Koel, an open-source personal music streaming server, allows remote attackers to probe internal hosts and loopback addresses. The vulnerability arises due to a missing 'bail' validation rule in the Laravel-based form validation pipeline, which permits downstream HTTP checks to execute even after a URL has failed security verification.

Alon Barad
Alon Barad
6 views•6 min read
•about 7 hours ago•GHSA-8Q6Q-M837-FV64
6.4

GHSA-8Q6Q-M837-FV64: Authenticated Server-Side Request Forgery in Koel

A Server-Side Request Forgery (SSRF) vulnerability in the open-source personal music streaming server Koel allows authenticated Subsonic API users to perform unauthorized network queries. This flaw resides in both the Subsonic podcast feed import routine and the subsequent redirect handling inside the podcast streaming helper, exposing private local networks and internal loopback systems to unauthorized reconnaissance and interaction.

Alon Barad
Alon Barad
6 views•5 min read
•about 14 hours ago•CVE-2026-50661
6.1

CVE-2026-50661: Windows BitLocker Security Feature Bypass

CVE-2026-50661 is a security feature bypass vulnerability in Microsoft Windows BitLocker full-disk encryption. A physical attacker can exploit this flaw to bypass encryption controls, permitting unauthorized access to sensitive local storage and the modification of offline system configurations.

Amit Schendel
Amit Schendel
30 views•5 min read
•about 14 hours ago•CVE-2026-56164
5.3

CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server

CVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.

Amit Schendel
Amit Schendel
41 views•6 min read