CVE-2026-14722

tiddly-gittly · TidGi-Desktop

A code injection vulnerability in tiddly-gittly TidGi-Desktop allows for arbitrary command execution via improper input handling.

Executive summary

A code injection vulnerability in tiddly-gittly TidGi-Desktop poses a high risk, potentially allowing unauthenticated attackers to execute arbitrary code on the host system.

Vulnerability

The application is vulnerable to code injection (CWE-94) and general injection (CWE-74). This indicates that the software fails to properly sanitize inputs, allowing an attacker to inject and execute malicious code remotely without authentication.

Business impact

With a CVSS score of 7.3, this flaw presents a critical threat to system integrity. Successful exploitation could grant an attacker full control over the desktop environment, leading to total system compromise, exfiltration of sensitive local data, and potential lateral movement within the user's network.

Remediation

Immediate Action: Update TidGi-Desktop to the latest secure version immediately as provided in the official vendor repository.

Proactive Monitoring: Monitor the host system for unusual child processes or unauthorized file modifications initiated by the TidGi-Desktop application.

Compensating Controls: Run the application with the least privilege necessary and avoid opening untrusted TiddlyWiki files or interacting with external web-based sources while using the software.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Code injection vulnerabilities are high-severity risks that require immediate remediation. Users of TidGi-Desktop should ensure they update to the latest patched version to prevent remote attackers from achieving arbitrary code execution on their workstations.