Remote Code Execution and Unauthorized Access in Obsidian Canvas 1.1.9

Remote Code Execution and Unauthorized Access in Obsidian Canvas 1.1.9

CVE-2023-27035 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

Learn more about our Cis Benchmark Audit For Desktop Software.