Skip to main content

SiYuan CVE-2026-55570

| EUVDEUVD-2026-39102 CRITICAL
Cross-site Scripting (XSS) (CWE-79)
2026-06-24 GitHub_M
9.0
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.0 CRITICAL
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
9.0 CRITICAL

Attacker must publish a marketplace package (PR:L) and victim must browse it (UI:R); renderer XSS escaping into OS command execution justifies S:C with full C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jun 24, 2026 - 23:03 EUVD
Analysis Generated
Jun 24, 2026 - 22:21 vuln.today

DescriptionCVE.org

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0.

AnalysisAI

Stored cross-site scripting leading to OS command execution in SiYuan, an open-source personal knowledge management system, affects all desktop client versions prior to 3.7.0. Untrusted marketplace package metadata (name, version, author, description) is serialized via JSON.stringify() into a single-quoted data-obj HTML attribute without escaping single quotes or angle brackets, so a package name containing a single quote breaks out of the attribute and injects arbitrary HTML; because the Electron BrowserWindow runs with nodeIntegration:true and contextIsolation:false, the DOM XSS escalates to arbitrary command execution on the host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Publish malicious marketplace package with quote in name
Delivery
Victim opens SiYuan marketplace view
Exploit
Payload breaks out of data-obj attribute
Execution
Inject HTML/script into Electron renderer
Persist
Node integration enables child_process call
Impact
Execute arbitrary OS commands on host

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker can publish or get a package listed in the SiYuan marketplace whose name (or version, author, or description) contains a single-quote character plus injected HTML, AND that a victim opens the marketplace view in the SiYuan desktop (Electron) client so the malicious card is rendered (UI:R, victim interaction required). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, base 9.0) reflects a network-reachable, low-complexity flaw that nonetheless requires victim interaction (browsing the marketplace) and some attacker privilege (publishing a package to the marketplace). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a marketplace package whose name contains a single quote followed by an HTML/script payload. When a victim opens SiYuan's marketplace and the malicious card is rendered, the payload breaks out of the data-obj attribute and executes in the Electron renderer; because Node integration is enabled, the script calls child_process to run attacker-chosen OS commands on the victim's machine. …
Remediation Vendor-released patch: 3.7.0 - upgrade all SiYuan desktop clients to 3.7.0 or later, which adds proper escaping of the untrusted marketplace fields before they reach the data-obj attribute (see https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Locate all SiYuan installations (Program Files, /Applications, user directories); immediately disable marketplace features; scan event logs and installation history for any package installations in past 30 days. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Siyuan

View all
CVE-2024-53507 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. Rated critical severity (CVSS 9.8), t

CVE-2024-53506 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. R

CVE-2024-53505 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. Rated criti

CVE-2024-53504 CRITICAL POC
9.8 Nov 29

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. Rated c

CVE-2026-23852 CRITICAL POC
9.6 Jan 19

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code ex

CVE-2026-54069 CRITICAL POC
9.2 Jun 24

Origin-validation bypass in SiYuan Note (open-source personal knowledge management) before 3.7.0 lets any installed Chro

CVE-2026-29183 CRITICAL POC
9.3 Mar 06

Reflected XSS in SiYuan knowledge management before 3.5.9.

CVE-2026-25539 CRITICAL POC
9.1 Feb 04

SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file ope

CVE-2024-2692 CRITICAL POC
9.0 Apr 04

SiYuan version 3.0.3 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.0), this vulnera

CVE-2026-29073 HIGH POC
8.8 Mar 06

SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to

CVE-2026-34605 HIGH POC
8.6 Mar 31

Cross-site scripting (XSS) in SiYuan personal knowledge management system versions 3.6.0-3.6.1 allows remote attackers t

CVE-2026-54066 HIGH POC
7.5 Jun 24

Arbitrary file disclosure in SiYuan personal knowledge management system before 3.7.0 lets an unauthenticated remote att

Share

CVE-2026-55570 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy