{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/obsidian/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["obsidian-local-rest-api (prior to 4.1.3)"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","vulnerability","obsidian"],"_cs_type":"advisory","_cs_vendors":["Obsidian"],"content_html":"\u003cp\u003eA critical authenticated path traversal vulnerability, tracked as GHSA-62gx-5q78-wrvx, has been identified in the Obsidian Local REST API plugin (versions prior to 4.1.3). This flaw allows an authenticated client to perform arbitrary file read, write, and delete operations on the host system. The vulnerability arises because the plugin's \u003ccode\u003e/vault/{path}\u003c/code\u003e endpoints percent-decode request paths \u003cem\u003eafter\u003c/em\u003e the Express framework has already routed and normalized them. This timing issue allows URL-encoded directory traversal sequences, specifically \u003ccode\u003e..%2F..%2F\u003c/code\u003e, to bypass initial routing layer checks. Once decoded by the handler, these sequences are reinterpreted as real directory traversals (\u003ccode\u003e../\u003c/code\u003e), escaping the intended vault directory without further confinement checks. This poses a significant risk as attackers can access sensitive files (e.g., SSH keys, browser profiles), modify system configurations, or destroy critical data, especially in deployments where the API serves as a backend for agents or other automated systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker, possessing a valid API key for the Obsidian Local REST API, crafts a malicious HTTP request.\u003c/li\u003e\n\u003cli\u003eThe attacker targets one of the vulnerable \u003ccode\u003e/vault/{path}\u003c/code\u003e endpoints (GET, PUT, PATCH, POST, or DELETE).\u003c/li\u003e\n\u003cli\u003eThe crafted request includes URL-encoded directory traversal sequences like \u003ccode\u003e..%2F\u003c/code\u003e or \u003ccode\u003e%2e%2e\u003c/code\u003e within the \u003ccode\u003epath\u003c/code\u003e component of the URL.\u003c/li\u003e\n\u003cli\u003eThe Express framework routes the request; however, it does not normalize or reject the encoded \u003ccode\u003e..%2F\u003c/code\u003e sequences, allowing them to reach the API handler.\u003c/li\u003e\n\u003cli\u003eInside the Obsidian Local REST API handler, the \u003ccode\u003edecodeURIComponent\u003c/code\u003e function is applied to the request path.\u003c/li\u003e\n\u003cli\u003eThis decoding step converts \u003ccode\u003e..%2F\u003c/code\u003e into \u003ccode\u003e../\u003c/code\u003e, effectively reconstituting a functional directory traversal path.\u003c/li\u003e\n\u003cli\u003eThe API handler then passes this unconfined, escaped path directly to the Obsidian vault adapter's file operations (e.g., \u003ccode\u003ereadBinary\u003c/code\u003e, \u003ccode\u003egetAbstractFileByPath\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWith the reconstructed path, the Obsidian process, running with its current user's privileges, performs the requested operation (read, write, or delete) on arbitrary files outside the configured vault directory.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability enables an authenticated attacker to read, write, or delete any file on the host system that the Obsidian process has permissions to access. This can lead to the compromise of sensitive user data, including SSH keys, browser profiles, dotfiles, and credentials stored in the user's home directory. In scenarios where the Obsidian Local REST API is used as a backend for multi-component platforms (MCPs) or LLM agents, a prompt injection or malicious client could leverage this to elevate its capabilities from confined note editing to full host filesystem manipulation, leading to widespread data destruction, system modification, or even remote code execution.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the \u003ccode\u003eobsidian-local-rest-api\u003c/code\u003e plugin to version 4.1.3 or higher immediately to apply the vendor's patch.\u003c/li\u003e\n\u003cli\u003eDeploy the \u003ccode\u003eDetect GHSA-62gx-5q78-wrvx Path Traversal in Obsidian Local REST API\u003c/code\u003e Sigma rule to your SIEM to detect attempted exploitation involving URL-encoded traversal sequences in webserver logs.\u003c/li\u003e\n\u003cli\u003eMonitor webserver access logs for the \u003ccode\u003e/vault/\u003c/code\u003e endpoint for unusual activity, specifically \u003ccode\u003ecs-uri-stem\u003c/code\u003e values containing \u003ccode\u003e%2F\u003c/code\u003e or \u003ccode\u003e%2e%2e\u003c/code\u003e that indicate path traversal attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T21:58:29Z","date_published":"2026-07-15T21:58:29Z","id":"https://feed.craftedsignal.io/briefs/2026-07-obsidian-pathtraversal/","summary":"An authenticated path traversal vulnerability (GHSA-62gx-5q78-wrvx) in the Obsidian Local REST API's `/vault/{path}` endpoints allows an attacker to bypass path normalization checks using URL-encoded `%2F` sequences, enabling arbitrary file read, write, and delete operations outside the intended vault directory with the privileges of the Obsidian process.","title":"Authenticated Path Traversal in Obsidian Local REST API","url":"https://feed.craftedsignal.io/briefs/2026-07-obsidian-pathtraversal/"}],"language":"en","title":"CraftedSignal Threat Feed - Obsidian","version":"https://jsonfeed.org/version/1.1"}