CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-41894 – SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint
https://notcve.org/view.php?id=CVE-2026-41894
24 Apr 2026 — SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause: a redundant url.PathUnescape() call in serveExport(). An authenticated attacker can use double URL encoding (%252e%252e) to traverse directories and read arbitrary workspace files, including the full SQLite database (siyuan.db), the kernel log, and all user documents. This vulnerability is fixed in 3.6.5.
References: https://github.com/siyuan-note/siyuan/commit/bb481e1290c4a34255652ede85a546504505d2a7
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
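The double-decoding bug class above, as an added example in Go that is not the project's code: `vulnerableResolve` decodes the already-decoded request path a second time after a denylist has inspected it, `hardenedResolve` decodes nothing and checks containment instead, and `doubleEncode` builds the attacker's request path. `exportRoot`, `isSensitivePath`, `attack` and the file names are this example's own assumptions, not SiYuan's identifiers or workspace layout.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// exportRoot stands in for the directory the /export/ route is meant to serve
// from (an assumed location for this example).
const exportRoot = "/workspace/temp/export"

// isSensitivePath is a constructed denylist in the spirit of the check the
// advisory calls incomplete; it is not the project's IsSensitivePath.
func isSensitivePath(p string) bool {
	p = strings.ToLower(p)
	for _, needle := range []string{"../", "siyuan.db", ".log"} {
		if strings.Contains(p, needle) {
			return true
		}
	}
	return false
}

// vulnerableResolve mirrors the bug class: the HTTP layer has already
// percent-decoded the request path once (net/http fills r.URL.Path decoded),
// the denylist inspects that once-decoded value, and then the handler decodes
// a second time before touching the filesystem.
func vulnerableResolve(onceDecoded string) (string, error) {
	if isSensitivePath(onceDecoded) {
		return "", errors.New("blocked by denylist")
	}
	twiceDecoded, err := url.PathUnescape(onceDecoded) // the redundant decode
	if err != nil {
		return "", err
	}
	return filepath.Join(exportRoot, twiceDecoded), nil
}

// hardenedResolve drops the second decode and enforces that the resolved
// path stays under exportRoot, so safety no longer depends on a denylist.
func hardenedResolve(onceDecoded string) (string, error) {
	full := filepath.Join(exportRoot, onceDecoded) // Join cleans ".." segments
	rel, err := filepath.Rel(exportRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("path escapes export root")
	}
	return full, nil
}

// doubleEncode percent-encodes every byte and then encodes the '%' signs
// again: one decode yields %XX sequences, only a second decode yields the
// raw characters, so "../" is invisible to a denylist that runs in between.
func doubleEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		fmt.Fprintf(&b, "%%%02X", s[i])
	}
	return strings.ReplaceAll(b.String(), "%", "%25")
}

// attack plays the request through: the attacker sends the double-encoded
// path, the HTTP layer decodes once, and resolve does whatever the handler does.
func attack(resolve func(string) (string, error), target string) (string, error) {
	onceDecoded, err := url.PathUnescape(doubleEncode(target))
	if err != nil {
		return "", err
	}
	return resolve(onceDecoded)
}

func main() {
	got, err := attack(vulnerableResolve, "../../siyuan.db")
	fmt.Println("vulnerable handler, double-encoded:", got, err)
	_, err = vulnerableResolve("../../siyuan.db")
	fmt.Println("vulnerable handler, plain traversal:", err)
	got, err = hardenedResolve("../../siyuan.db")
	fmt.Println("hardened handler, plain traversal:", got, err)
	got, err = attack(hardenedResolve, "../../siyuan.db")
	fmt.Println("hardened handler, double-encoded:", got, err)
}
```

The containment check is a belt-and-braces measure; the root-cause fix the advisory points to is removing the redundant url.PathUnescape() so that the string the denylist sees is the string that reaches the filesystem. The same ordering rule applies to any normalization (case folding, Unicode, separators): validate after the last transformation, never before.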
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-41421 – SiYuan Desktop Notification XSS Leads to Electron RCE
https://notcve.org/view.php?id=CVE-2026-41421
24 Apr 2026 — SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast layer, and the frontend inserts it into the DOM with insertAdjacentHTML(...) in message.ts. On desktop builds, this is not limited to ordinary XSS. Electron windows are created with nodeIntegration: true, contextIs...
References: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-grjj-6f6g-cq8q
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-40322 – SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE
https://notcve.org/view.php?id=CVE-2026-40322
16 Apr 2026 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to survive into the rendered output. On desktop builds using Electron, windows are created with nodeIntegration enabled and contextIsolation disabled, escalating the stored XSS to arbitrary code execution when a victim op...
References: https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-40318 – SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
https://notcve.org/view.php?id=CVE-2026-40318
16 Apr 2026 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path from the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequences such as ../ into the id value to escape the intended directory and delete arbitrary .json files on the server, including global configuration files and workspace metadata. This issue has been fixed in version...
References: https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4
CWE-24: Path Traversal: '../filedir'
CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2026-40259 – SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
https://notcve.org/view.php?id=CVE-2026-40259
16 Apr 2026 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model function that unconditionally deletes the corresponding attribute view file from the workspace without verifying that the caller has write privileges or that the target attribute view is actually unused. An authenticate...
References: https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4
CWE-285: Improper Authorization
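Added example, not the project's code, for the two removeUnusedAttributeView advisories above: a hypothetical handler-side check in Go that fails closed on each of the missing conditions (a read-only caller, an id that is not a well-formed identifier, a view that is still referenced), beside the pre-fix shape that builds the path straight from the parameter. `Role`, `avDir`, `idPattern`, the error values and the sample id are this example's own assumptions; the identifier pattern assumes a timestamp-dash-suffix shape and should be adjusted to the real format.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
)

// Role is a stand-in for the caller's privilege level; the names are this
// example's own, not the project's constants.
type Role int

const (
	RoleReader Role = iota // publish/read-only token
	RoleEditor             // may modify the workspace
)

// avDir stands in for the workspace directory holding attribute view JSON files.
const avDir = "/workspace/data/storage/av"

// idPattern assumes a timestamp-dash-suffix identifier shape (14 digits, a
// dash, 7 lowercase alphanumerics). A strict allowlist like this rejects "../",
// slashes and dots before the value can influence a filesystem path.
var idPattern = regexp.MustCompile(`^[0-9]{14}-[0-9a-z]{7}$`)

var (
	ErrForbidden = errors.New("write privilege required")
	ErrBadID     = errors.New("malformed attribute view id")
	ErrInUse     = errors.New("attribute view is still referenced")
)

// vulnerableRemove shows the pre-fix shape: any caller, no validation, the
// path is built straight from the parameter.
func vulnerableRemove(id string) string {
	return filepath.Join(avDir, id+".json")
}

// removeUnusedAttributeView returns the path that would be deleted only after
// the three checks the advisories describe as missing: caller role, id shape,
// and that the view really is unused (isReferenced is the caller's lookup).
func removeUnusedAttributeView(caller Role, id string, isReferenced func(string) bool) (string, error) {
	if caller < RoleEditor {
		return "", ErrForbidden
	}
	if !idPattern.MatchString(id) {
		return "", ErrBadID
	}
	if isReferenced(id) {
		return "", ErrInUse
	}
	target := filepath.Join(avDir, id+".json")
	// Defense in depth: even with the strict pattern, assert containment.
	if rel, err := filepath.Rel(avDir, target); err != nil || rel != id+".json" {
		return "", ErrBadID
	}
	return target, nil
}

func main() {
	never := func(string) bool { return false }
	// Pre-fix: a traversal id from any token reaches an arbitrary .json file
	// (the target path is illustrative).
	fmt.Println(vulnerableRemove("../../../conf/conf"))
	// Post-fix: each missing check now fails closed.
	_, err := removeUnusedAttributeView(RoleReader, "20260416120000-abc1234", never)
	fmt.Println(err)
	_, err = removeUnusedAttributeView(RoleEditor, "../../../conf/conf", never)
	fmt.Println(err)
	p, err := removeUnusedAttributeView(RoleEditor, "20260416120000-abc1234", never)
	fmt.Println(p, err)
}
```

The order of the checks matters for the publish case: the role check runs first so a reader token learns nothing about which ids exist, and the id allowlist makes the later containment check redundant rather than load-bearing.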
CVSS: 8.7 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-40107 – SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
https://notcve.org/view.php?id=CVE-2026-40107
09 Apr 2026 — SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL.
References: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w95v-4h65-j455
CWE-918: Server-Side Request Forgery (SSRF)
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-39846 – SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions
https://notcve.org/view.php?id=CVE-2026-39846
07 Apr 2026 — SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIsolation disabled, attacker-controlled JavaScript executes with access to Node.js APIs. In practice, an attacker ...
References: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-phhp-9rm9-6gr2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-34585 – SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
https://notcve.org/view.php?id=CVE-2026-34585
31 Mar 2026 — SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the normal Import -> SiYuan .sy.zip workflow. Once the note is opened, the malicious attribute breaks out of its original HTML context and injects an event...
References: https://github.com/siyuan-note/siyuan/issues/17246
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
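Added example, not the project's code, reconstructing the escaping bug class described above in Go: `vulnerableEscapeAttr` treats a value that already contains one HTML entity as "already escaped" and passes the whole string through, so an entity mixed with a raw quote breaks out of the attribute; `safeEscapeAttr` normalizes and then escapes unconditionally. The same output-boundary rule applies to the notification message and table caption sinks listed above. The attribute naming in `renderIAL`, the `attrContained` check and the payload are this example's own.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// entityRe matches one complete HTML entity such as &amp; or &#34;.
var entityRe = regexp.MustCompile(`&(?:#[0-9]+|#x[0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*);`)

// vulnerableEscapeAttr is a constructed reconstruction of the bug class in the
// advisory, not the project's code: to avoid double-escaping it treats any
// value that already contains an entity as escaped and returns it untouched,
// raw quotes and all.
func vulnerableEscapeAttr(v string) string {
	if entityRe.MatchString(v) {
		return v
	}
	return html.EscapeString(v)
}

// safeEscapeAttr decodes whatever entities are present and then escapes
// everything, so the output is safe whatever the input mixed together, and a
// legitimate "&amp;" still round-trips to "&amp;" instead of "&amp;amp;".
func safeEscapeAttr(v string) string {
	return html.EscapeString(html.UnescapeString(v))
}

// renderIAL emits the attribute the way a block's inline attribute list would
// land in the editor DOM (the custom- prefix is a hypothetical convention).
func renderIAL(name, value string, escape func(string) string) string {
	return fmt.Sprintf(`<div custom-%s="%s"></div>`, name, escape(value))
}

// attrContained reports whether the rendered element still has exactly one
// attribute value: two quote characters means nothing broke out of it.
func attrContained(rendered string) bool {
	return strings.Count(rendered, `"`) == 2
}

func main() {
	// Constructed payload: one entity up front, then a raw quote that closes
	// the attribute and a new event-handler attribute behind it.
	payload := `&amp;" onmouseover="alert(1)`
	for _, c := range []struct {
		name string
		esc  func(string) string
	}{{"vulnerable", vulnerableEscapeAttr}, {"safe", safeEscapeAttr}} {
		out := renderIAL("note", payload, c.esc)
		fmt.Printf("%-10s contained=%v %s\n", c.name, attrContained(out), out)
	}
}
```

Two design points carry over to any attribute sink: escaping must happen once, at the output boundary, on the whole value, and "does this string already look escaped" is never a substitute for that, because an attacker controls exactly what the string looks like.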
CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-34449 – SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection
https://notcve.org/view.php?id=CVE-2026-34449
31 Mar 2026 — SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-Control-Allow-Private-Network: true) to inject a JavaScript snippet via the API. The injected snippet executes in Electron's Node.js context with full OS access the next time the user opens SiYuan's UI. No user interaction is required beyond visiting the malicious w...
References: https://github.com/siyuan-note/siyuan/issues/17246
CWE-942: Permissive Cross-domain Policy with Untrusted Domains
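Added example, not the project's code, showing the header behaviour described above with Go's net/http: `permissiveCORS` answers any origin with Access-Control-Allow-Origin: * and Access-Control-Allow-Private-Network: true, which is what lets a public page's preflight to a private address succeed; `allowlistCORS` answers only configured origins and refuses the rest. The endpoint path, the allowlisted origin and the handler names are this example's assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// apiHandler stands in for a state-changing API endpoint; its body is
// irrelevant to the CORS decision.
func apiHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
}

// permissiveCORS reproduces the weak policy the advisory describes: every
// origin is allowed and private-network access is granted to whoever asks.
func permissiveCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Access-Control-Allow-Origin", "*")
		h.Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
		h.Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
		h.Set("Access-Control-Allow-Private-Network", "true")
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// allowlistCORS answers only origins in the allowlist (an assumed set, e.g.
// the app's own origin). Any other cross-origin caller gets no CORS headers
// and a 403, so a malicious page gets neither a passing preflight nor a
// usable simple request.
func allowlistCORS(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin != "" {
			if !allowed[origin] {
				http.Error(w, "origin not allowed", http.StatusForbidden)
				return
			}
			h := w.Header()
			h.Set("Access-Control-Allow-Origin", origin)
			h.Add("Vary", "Origin")
			h.Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
			h.Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
			// Deliberately no Access-Control-Allow-Private-Network: a public
			// site never has a legitimate reason to reach this server.
		}
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// preflight sends the CORS preflight a browser issues for a cross-origin JSON
// POST from a public page to a private address (hence the PNA request header).
func preflight(h http.Handler, origin string) *http.Response {
	req := httptest.NewRequest(http.MethodOptions, "/api/example", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", "POST")
	req.Header.Set("Access-Control-Request-Headers", "content-type")
	req.Header.Set("Access-Control-Request-Private-Network", "true")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result()
}

func main() {
	weak := permissiveCORS(http.HandlerFunc(apiHandler))
	strong := allowlistCORS(map[string]bool{"http://127.0.0.1:6806": true}, http.HandlerFunc(apiHandler))
	for _, origin := range []string{"https://attacker.example", "http://127.0.0.1:6806"} {
		for _, c := range []struct {
			name string
			h    http.Handler
		}{{"permissive", weak}, {"allowlist", strong}} {
			res := preflight(c.h, origin)
			fmt.Printf("%-10s origin=%s status=%d ACAO=%q PNA=%q\n", c.name, origin, res.StatusCode,
				res.Header.Get("Access-Control-Allow-Origin"), res.Header.Get("Access-Control-Allow-Private-Network"))
		}
	}
}
```

CORS and Private Network Access are browser-enforced: a non-browser client, or any request without an Origin header, passes both middlewares unchanged, so the API still needs its own authentication (a token the attacker's page does not hold). The Vary: Origin header keeps a shared cache from replaying one origin's answer to another.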
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-34448 – SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client
https://notcve.org/view.php?id=CVE-2026-34448
31 Mar 2026 — SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsset field can trigger stored XSS when a victim opens the Gallery or Kanban view with "Cover From -> Asset Field" enabled. The vulnerable code accepts arbitrary http(s) URLs without extensions as images, stores the attacker-controlled string in coverURL, and injects it directly into an <img src="...
References: https://github.com/siyuan-note/siyuan/issues/17246
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
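Added example, not the project's code, for the three Mermaid and cover-URL advisories above (javascript: link targets, <img src> fetches to arbitrary hosts, extension-less http(s) URLs accepted as images): two allowlist checks in Go to run on a URL before it is stored or rendered. The extension and scheme allowlists, the assets/ prefix and the allowRemote policy switch are this example's assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Constructed allowlists for this example; the project's own policy may differ.
var (
	imageExts   = map[string]bool{".png": true, ".jpg": true, ".jpeg": true, ".gif": true, ".webp": true}
	linkSchemes = map[string]bool{"http": true, "https": true, "mailto": true}
)

// isSafeLinkURL is the check to apply to an href before attacker-controlled
// markup (a Mermaid click target, for instance) is inserted into the DOM.
// url.Parse refuses control characters and lowercases the scheme, so
// "JavaScript:" and "java\tscript:" fail the same way as "javascript:".
func isSafeLinkURL(raw string) bool {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return false
	}
	if u.Scheme == "" {
		// Relative reference: must stay inside the document, so no host
		// ("//attacker.example/x") and no backslash path tricks.
		return u.Host == "" && !strings.Contains(raw, `\`)
	}
	return linkSchemes[u.Scheme]
}

// isSafeImageURL is the check for an <img src> or gallery/kanban cover. It
// requires a real image path (extension allowlist) and, unless allowRemote is
// set, only local asset paths, so the client never fetches an attacker-chosen
// host (blind SSRF, or an NTLM challenge from a UNC path on Windows).
func isSafeImageURL(raw string, allowRemote bool) bool {
	if strings.ContainsAny(raw, "\\\x00") {
		return false // UNC paths and NUL bytes never describe a legitimate asset
	}
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	if !imageExts[strings.ToLower(path.Ext(u.Path))] {
		return false // "https://host/collect" is not an image, whatever the column type says
	}
	switch u.Scheme {
	case "":
		return u.Host == "" && strings.HasPrefix(u.Path, "assets/") && !strings.Contains(u.Path, "..")
	case "http", "https":
		return allowRemote && u.Host != ""
	default:
		return false // javascript:, data:, file:, vbscript: and friends
	}
}

func main() {
	// Constructed inputs covering the cases the advisories describe.
	for _, href := range []string{"https://example.com/page", "javascript:alert(1)", "JavaScript:alert(1)", "//attacker.example/x"} {
		fmt.Printf("link  %-28q safe=%v\n", href, isSafeLinkURL(href))
	}
	for _, src := range []string{"assets/cover-20260331.png", "https://attacker.example/collect", `\\attacker\share\c.png`, "https://cdn.example/c.png"} {
		fmt.Printf("image %-34q local-only=%v remote-ok=%v\n", src, isSafeImageURL(src, false), isSafeImageURL(src, true))
	}
}
```

The extension check alone only removes the classification bug; any remote image is still a fetch to a host the note's author chose, which is why the default here is local assets only. Rejecting at storage time is also the cheaper place: once the string is in the document it reaches every renderer, including Mermaid's, on every client that syncs it.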
