Can Obsidian execute files?

I’m using it on openSUSE for my CTF resolution notes and noticed it interacting with some payloads inside the vault. This behavior seems consistent on Kali Linux as well. On openSUSE, it attempts to search for the application in the virtual store. I believe this could be a vulnerability, but I haven’t explored it further due to time constraints. For instance, if I have an executable named PwdKit in the vault and also created a page with the same name, referencing it as [[PwdKit]] doesn’t bring up the page but rather opens the installer, as shown in the screenshot.

  • Referencing the page with the same name as the payload.

  • Clicking on the reference link launches the application installer.

  • The video below demonstrates the process occurring.

Moved to Help for not following the bug report template. Removed “legacy editor” tag since that’s been removed unless you’re using an old version of the app.

If you have multiple files with the same name and the link doesn’t include a path, I believe it chooses the one that was created earliest. Files that Obsidian can’t handle itself (like executables) are opened in the default app assigned to that file type. In Settings you can hide those file types from the file browser, and there’s a file exclusion setting that will hide or deemphasize the chosen files/folders/.filename patterns in various contexts.

1 Like

It’s in the latest version (1.5.8), so I’ll make the changes you suggested. Thank you very much, and sorry for not following the bug template. I’ll come back later and let you know if it worked.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.