Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionGitHub Advisory
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL. On Windows, a protocol-relative URL (//attacker.com/image.png) resolves as a UNC path (\\attacker.com\image.png). Windows attempts SMB authentication automatically, sending the victim's NTLMv2 hash to the attacker. This vulnerability is fixed in 3.6.4.
AnalysisAI
NTLM credential theft in SiYuan personal knowledge management system (prior to 3.6.4) allows remote attackers to capture Windows user password hashes without authentication or user interaction. Misconfigured Mermaid.js rendering with securityLevel:loose permits unsanitized <img> tags within SVG foreignObject blocks. Protocol-relative URLs in malicious Mermaid diagrams trigger automatic SMB authentication on Windows, transmitting NTLMv2 hashes to attacker-controlled servers when victims open compromised notes. Electron client processes the SVG via innerHTML without secondary sanitization, enabling SSRF to UNC paths.
Technical ContextAI
Root cause combines CWE-918 SSRF with unsafe Mermaid.js configuration. securityLevel:loose bypasses DOMPurify restrictions; htmlLabels:true enables HTML injection in SVG foreignObject elements. innerHTML injection creates unvalidated network requests. Windows SMB auto-authentication converts protocol-relative URLs (//attacker.com) to UNC paths (\\attacker.com), forcing NTLM handshake without user prompt. CPE covers Electron-based desktop clients on all platforms (cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*).
RemediationAI
Vendor-released patch: upgrade to SiYuan 3.6.4 immediately. Version 3.6.4 enforces stricter Mermaid.js securityLevel configuration and implements secondary sanitization of SVG content before DOM injection. Users unable to upgrade should disable Mermaid diagram rendering in application settings and avoid opening untrusted notes until patched. Windows environments face highest risk; consider network-level blocking of outbound SMB (ports 445, 139) to mitigate hash exfiltration. For technical details and vendor confirmation, review the official security advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w95v-4h65-j455. No public exploit identified at time of analysis. Authentication requirement: unauthenticated (CVSS PR:N).
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21148
GHSA-w95v-4h65-j455