A vulnerability labeled as critical has been found in TriliumNext Trilium up to 0.102.1 . Affected by this issue is some unknown functionality of the file /api/clipper/notes of the component Clipper API . Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2026-39310 . The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.