HIGH — CVSS 8.7 CVE-2026-40262 | Cross-platform | Note Mark ≤ 0.19.1

Your Private Notes App Could Let Hackers Hijack Anyone Who Views Your Files

By Security Desk | Updated 2026 | xss file-upload content-type-bypass browser-sniffing

Imagine sharing a note with a colleague and, without either of you clicking anything suspicious, an invisible script silently steals their login session — all because of a file you innocently attached.

Who Is at Risk — and Why It Matters

Note Mark is a self-hosted, open-source note-taking application used by individuals, small teams, and organizations who want a private alternative to cloud services like Notion or Obsidian Sync. Because it is self-hosted, it often lives inside corporate intranets, home lab setups, and internal knowledge-base systems — environments where people tend to lower their guard precisely because the tool feels "private."

The vulnerability affects all versions up to and including 0.19.1 — meaning every installation that has not been manually patched is currently exposed. No exact download count is publicly available, but the project has steady adoption among the self-hosting community on GitHub. The real danger isn't just individual users: in a team deployment, one malicious insider — or one compromised account — can weaponize the app against every other user who ever clicks a shared asset link.

Bottom line: If your team uses Note Mark to share notes and files, any authenticated user on your instance could silently attack every other user — including administrators — simply by uploading a crafted file.

What Is Actually Happening — In Plain English

When you attach a file to a note in Note Mark — say, an image or a document — the app stores it and makes it available at a web address that anyone with access can visit. The problem is how Note Mark serves those files back to your browser. A well-behaved web server is supposed to clearly label every file it sends: "this is an image," "this is a PDF," "this is plain text." That label — called a content type — tells your browser what to do with the file. Note Mark fails to set that label correctly for a whole category of files, including HTML pages and SVG graphics.

When a label is missing, browsers don't just shrug and give up. They do something called "sniffing" — they peek inside the file, guess what it is, and act accordingly. An attacker who knows this can upload a file that looks innocent at first glance but is secretly a webpage packed with JavaScript code. When a victim clicks the link to that "attachment," their browser sniffs it, decides it's a webpage, and runs the script — right there, inside the Note Mark application's own trusted address. At that point, the attacker's code has the same level of trust as Note Mark itself, and can steal session cookies, forge requests, or silently exfiltrate private note contents.

Making things worse, the server sends these files with an instruction to display them inline rather than downloading them — meaning the browser renders the content directly instead of saving it to disk, which is exactly what an attacker needs to trigger the script execution. The victim doesn't download a suspicious file. They just click what looks like a shared attachment in an app they trust.

🔬 Technical Anchor — One Detail Worth Sharing:

The root cause is a stored Cross-Site Scripting (XSS) via MIME-type confusion in Note Mark's asset delivery handler. The handler uses magic-byte detection (inspecting raw file headers) to determine content type — a method that cannot identify text-based formats like text/html, image/svg+xml, or application/xhtml+xml, since those formats carry no distinguishing binary signature. The response is sent with an empty Content-Type header and no X-Content-Type-Options: nosniff directive, combined with Content-Disposition: inline. This trifecta creates a textbook browser-sniffing attack surface. CVSS score: 8.7 (HIGH).

Has This Been Exploited? What Do We Know?

As of publication, no active exploitation in the wild has been confirmed. There are no known victim organizations or documented attack campaigns targeting this specific flaw. However, "not yet exploited" is meaningfully different from "safe to ignore" — the attack technique is well-understood, the required skill level is low, and proof-of-concept exploitation requires nothing more than crafting a simple HTML file and having a regular user account on any vulnerable instance.

The vulnerability was disclosed through Note Mark's security process and assigned CVE-2026-40262. The CVSS score of 8.7 reflects the high impact on confidentiality and integrity — the main mitigating factor keeping it below a 9.0 is the requirement for the attacker to already have an authenticated account on the instance. In a shared team environment, that bar is often trivially low.

Security teams running Note Mark on internal networks should treat this as a high-priority patch, not a "monitor and wait" situation. The combination of stored XSS plus session hijacking potential in a tool that handles internal knowledge and private documents is a serious data exposure risk.

What You Should Do Right Now

Update Note Mark immediately. Upgrade your installation beyond version 0.19.1 as soon as a patched release is available from the official Note Mark repository. Check the project's GitHub releases page and changelog for a version that explicitly addresses CVE-2026-40262. If you are running a containerized deployment via Docker, pull the latest image tag and redeploy. Do not remain on any version ≤ 0.19.1.
Audit uploaded assets on your existing instance. Until you can patch, review files that have been uploaded to your Note Mark instance — particularly any .html, .svg, or .xhtml files. These are the formats most easily weaponized by this vulnerability. If your instance is accessible to multiple users, consider temporarily restricting asset upload permissions to trusted administrators only until a patch is applied.
Rotate active sessions and warn your users. If you cannot patch immediately, instruct all users on your instance to log out and back in (invalidating existing session tokens) and to avoid clicking asset attachment links shared by others until the system is updated. If your instance logs HTTP requests, review access logs for unexpected requests to asset URLs — look for patterns like /api/assets/ being accessed from unusual IP addresses or user agents.

For security researchers: This vulnerability is a clean example of why magic-byte MIME detection is insufficient for web-served user content. The fix requires explicit content-type mapping for text-based formats, enforced X-Content-Type-Options: nosniff, and switching asset delivery to Content-Disposition: attachment for non-image file types.