Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionGitHub Advisory
SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIsolation disabled, attacker-controlled JavaScript executes with access to Node.js APIs. In practice, an attacker can import a crafted note into a synced workspace, wait for the victim to sync, and achieve code execution when the victim opens the note. This vulnerability is fixed in 3.6.4.
AnalysisAI
Remote code execution in SiYuan desktop client (Electron-based) versions prior to 3.6.4 allows authenticated attackers to execute arbitrary code on victim systems via malicious notes propagated through workspace sync. Stored XSS in table caption fields escalates to RCE due to nodeIntegration enabled and contextIsolation disabled in Electron renderer. CVSS 9.0 (Critical) with scope change indicates escape from browser context. No active exploitation confirmed (not in CISA KEV). EPSS score 0.14% suggests low current exploitation probability. Vendor-released patch: version 3.6.4.
Technical ContextAI
SiYuan is an Electron-based personal knowledge management system with multi-device synchronization. The vulnerability affects the desktop client (cpe:2.3:a:siyuan-note:siyuan) where table caption content undergoes unsafe HTML rendering. The root cause is CWE-79 (Cross-Site Scripting) combined with insecure Electron configuration. In Electron applications, nodeIntegration:true grants renderer processes access to Node.js APIs (filesystem, child_process, native modules), while contextIsolation:false removes the security boundary between preload scripts and web content. These deprecated settings, intended for legacy compatibility, allow JavaScript XSS payloads to directly invoke require() and execute system commands. The sync mechanism propagates malicious notes between users' workspaces, turning a local XSS into a wormable attack vector. This represents a common Electron security anti-pattern where web content security assumptions (XSS = browser sandbox escape only) fail catastrophically when combined with Node.js API access.
RemediationAI
Upgrade immediately to SiYuan version 3.6.4 or later, which implements proper HTML escaping for table caption content and likely addresses the insecure Electron configuration (nodeIntegration/contextIsolation settings). Download from official GitHub releases at https://github.com/siyuan-note/siyuan/releases. For environments where immediate upgrade is not feasible, implement compensating controls: disable workspace sync functionality to prevent propagation of malicious notes (eliminates attack vector but breaks collaboration features-acceptable only for single-user deployments), restrict note import capabilities to trusted sources only through access controls, and deploy endpoint detection monitoring for suspicious child process creation from Electron renderer processes (siyuan.exe spawning cmd.exe, powershell.exe, or bash-high false-positive risk in legitimate automation scenarios). Network-level controls are ineffective since the malicious content arrives via legitimate sync protocol. Administrative note review before sync is impractical at scale. No workaround fully mitigates risk-upgrade to 3.6.4 is the only complete fix.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19973
GHSA-phhp-9rm9-6gr2