Skip to main content

SiYuan CVE-2026-54070

| EUVDEUVD-2026-39126 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-06-24 GitHub_M GHSA-w7cg-whh7-xp28
7.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
vuln.today AI
7.1 HIGH

Attacker (package author) needs no privileges on the target (PR:N), but exploitation requires an Administrator to grant marketplace trust and interact with the listing (UI:R, AC:H); script in the origin yields high C/I and limited A.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
4.0 AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

2
Patch available
Jun 24, 2026 - 23:03 EUVD
Analysis Generated
Jun 24, 2026 - 22:17 vuln.today

DescriptionCVE.org

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0.

AnalysisAI

Stored cross-site scripting in SiYuan personal knowledge management system before 3.7.0 allows a third-party Bazaar package author to execute JavaScript in an Administrator's authenticated workspace origin. The lute sanitizer used by renderPackageREADME relies on a stale event-handler blocklist that omits modern DOM event attributes (onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, ontransitionend), and the rendered README HTML is injected via innerHTML with no client-side DOMPurify and no CSP/X-Frame-Options/X-Content-Type-Options headers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Publish malicious Bazaar package with event-handler payload
Delivery
Administrator opens listing in Settings
Exploit
Marketplace
Install
README rendered to innerHTML, handler passes sanitizer
C2
Admin interaction fires onpointerover/onbeforetoggle
Execute
Script executes in authenticated SiYuan origin
Impact
Full workspace takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires the SiYuan instance to be older than 3.7.0 and the victim to be an Administrator who has already accepted the one-time Marketplace trust consent, then opens an attacker-published Bazaar package in Settings → Marketplace and interacts with the listing (e.g., hovers, clicks, or otherwise triggers a pointer/toggle/focusin/animation/transition event) so the injected inline handler fires. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L, base 7.1) is internally consistent with the description: network-reachable, but high complexity and required user interaction reflect that an Administrator must first grant one-time marketplace trust consent, then open a malicious package and interact with the listing to trigger an event handler. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious author publishes a Bazaar package whose README contains a benign-looking element carrying an inline modern event handler such as onpointerover or onbeforetoggle with a JavaScript payload. An Administrator browsing Settings → Marketplace opens the package listing and moves the pointer over or interacts with the rendered content, firing the handler; the script runs in the authenticated SiYuan origin and can take full control of the workspace. …
Remediation Vendor-released patch: 3.7.0 - upgrade SiYuan to 3.7.0 or later, which fixes the renderPackageREADME sanitization gap, as documented in the advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w7cg-whh7-xp28. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all deployed SiYuan installations, identify active version numbers, and compile a list of installed Bazaar packages; restrict or disable Bazaar package installation capabilities until mitigations are implemented. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Siyuan

View all
CVE-2024-53507 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. Rated critical severity (CVSS 9.8), t

CVE-2024-53506 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. R

CVE-2024-53505 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. Rated criti

CVE-2024-53504 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. Rated c

CVE-2026-23852 CRITICAL POC
9.6 Jan 19

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code ex

CVE-2026-54069 CRITICAL POC
9.2 Jun 24

Origin-validation bypass in SiYuan Note (open-source personal knowledge management) before 3.7.0 lets any installed Chro

CVE-2026-29183 CRITICAL POC
9.3 Mar 06

Reflected XSS in SiYuan knowledge management before 3.5.9.

CVE-2026-25539 CRITICAL POC
9.1 Feb 04

SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file ope

CVE-2024-2692 CRITICAL POC
9.0 Apr 04

SiYuan version 3.0.3 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.0), this vulnera

CVE-2026-29073 HIGH POC
8.8 Mar 06

SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to

CVE-2026-34605 HIGH POC
8.6 Mar 31

Cross-site scripting (XSS) in SiYuan personal knowledge management system versions 3.6.0-3.6.1 allows remote attackers t

CVE-2026-54066 HIGH POC
7.5 Jun 24

Arbitrary file disclosure in SiYuan personal knowledge management system before 3.7.0 lets an unauthenticated remote att

Share

CVE-2026-54070 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy