Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast layer, and the frontend inserts it into the DOM with insertAdjacentHTML(...) at message.ts. On desktop builds, this is not limited to ordinary XSS. Electron windows are created with nodeIntegration: true, contextIsolation: false, and webSecurity: false at main.js. As a result, JavaScript executed from the notification sink can directly access Node APIs and escalate to desktop code execution. This vulnerability is fixed in 3.6.5.
AnalysisAI
Authenticated local users can execute arbitrary code on Windows, macOS, and Linux via HTML injection in SiYuan desktop notification messages through version 3.6.4. The Electron-based desktop application mishandles notification rendering with unsafe settings (nodeIntegration enabled, contextIsolation disabled, webSecurity disabled), escalating XSS to full system compromise. Vendor-released patch available in version 3.6.5. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
Technical ContextAI
SiYuan is an Electron-based personal knowledge management system written in TypeScript and Go. The vulnerability stems from insecure Electron window configuration combined with unvalidated HTML rendering. The backend API endpoint /api/notification/pushMsg accepts user-controlled msg parameters, broadcasts them through the application's messaging layer, and the frontend message.ts module renders notifications using insertAdjacentHTML() without sanitization. Critically, the Electron windows are initialized with three dangerous flags in main.js: nodeIntegration: true (allows Node.js API access from renderer), contextIsolation: false (disables context separation between app code and web content), and webSecurity: false (bypasses same-origin policy). This configuration transforms ordinary DOM-based XSS into a full Remote Code Execution primitive, as injected JavaScript can directly invoke require('child_process').exec() and similar Node APIs. The CWE-78 classification (OS Command Injection) reflects this escalation path from HTML injection to arbitrary command execution. The affected CPE string cpe:2.3:a:siyuan-note:siyuan indicates all desktop platforms (Windows, macOS, Linux) running the Electron build are vulnerable, as these unsafe Electron settings apply universally across platforms.
RemediationAI
Upgrade SiYuan desktop to version 3.6.5 or later immediately. The vendor patch addresses the root cause by implementing proper input sanitization for notification messages and/or adjusting Electron security settings to enable contextIsolation and disable nodeIntegration in renderer processes. Download the fixed release from the official SiYuan GitHub releases page or project website. If immediate patching is not possible, implement these compensating controls with noted trade-offs: (1) Restrict /api/notification/pushMsg endpoint access through network ACLs or application-layer authentication to prevent unauthorized message injection - this requires modifying reverse proxy or application configuration and may break legitimate notification workflows from plugins or integrations. (2) Disable or restrict third-party plugin loading until patching, as plugins are a common delivery mechanism for malicious notification payloads - this breaks plugin-dependent workflows. (3) Run SiYuan desktop in a sandboxed environment (AppArmor, SELinux, or containerized deployment) to limit command execution impact - this requires infrastructure changes and may interfere with filesystem access for knowledge base storage. None of these mitigations fully eliminate the vulnerability; upgrading to 3.6.5 is the only complete remediation. Refer to vendor advisory GHSA-grjj-6f6g-cq8q for additional context.
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25614