CVE-2026-14722
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability was found in TidGi-Desktop up to version 0.13.0 in the Git Repository Import component. An unknown function in loadWikiTiddlersWithSubWikis.ts allows remote code injection. The exploit has been made public.
Risk Assessment
An attacker can remotely execute arbitrary code on the victim's system, leading to full compromise of data confidentiality, integrity, and availability.
Recommendation
Immediately update TidGi-Desktop to the latest version after 0.13.0 and restrict access to the Git repository import feature to trusted sources only.
Original NVD description (English source)
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used.

