CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-54158

CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

Alon Barad
Alon Barad
Software Engineer

Jul 11, 2026·5 min read·6 visits

Executive Summary (TL;DR)

Missing output escaping in SiYuan's database view renderer combined with insecure Electron configurations enables attackers to escalate Stored XSS into Remote Code Execution via shared workspaces.

A critical-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the SiYuan personal knowledge management system. Due to missing sanitization in the attribute-view cell renderer and an insecure Electron default configuration (nodeIntegration: true), attackers can execute arbitrary commands on the victim's host operating system through synchronized workspaces.

Vulnerability Overview

CVE-2026-54158 is a critical-severity vulnerability in the SiYuan open-source personal knowledge management system. The flaw exists in the frontend attribute-view cell renderer, specifically within the genAVValueHTML function. This component processes database cells for display in the block-attribute panel.

When an attacker inputs malicious HTML payload structures into specific cell types, the application fails to sanitize the output, leading to Stored Cross-Site Scripting. Because the desktop client runs inside an Electron wrapper with insecure defaults, this XSS propagates to Remote Code Execution on the host operating system.

The vulnerability exhibits high risk due to workspace synchronization. Synced workspaces distribute database cell values across all connected devices automatically, triggering the payload on any peer client opening the affected block-attribute panel.

Root Cause Analysis

The root cause is a combination of two distinct security issues: improper output neutralization in the database view renderer and insecure default privileges in the Electron configuration. In standard operations, the Go-based backend kernel sanitizes Inline Attribute List inputs using the html.EscapeAttrVal function.

This sanitization is absent in the attribute-view database engine. Malicious input values are stored byte-for-byte in the local database storage files under the workspace without verification or modifications on ingestion.

During rendering, the frontend function genAVValueHTML processes specific attribute types: text, url, phone, and mAsset. For these four types, the application inserts the raw string directly into the template container instead of encoding it. This allows structured HTML elements to escape their tag contexts.

Code Analysis

In versions prior to 3.7.0, the vulnerable implementation of the genAVValueHTML renderer directly interpolates user input into raw HTML string templates. This lack of escaping allows the user input to close the active textarea block or attribute quotes and inject new DOM nodes.

Consider the following simplified representation of the vulnerable code in the frontend view engine:

// Vulnerable rendering function in versions < 3.7.0
function genAVValueHTML(type, value) {
    switch (type) {
        case 'text':
        case 'url':
        case 'phone':
        case 'mAsset':
            // Vulnerable: Direct interpolation allows HTML injection
            return `<textarea class="av-cell-text">${value}</textarea>`;
        default:
            return escapeHTML(value);
    }
}

The patch implemented in commit 27e0051e0d067892e833df1063cb2fb469600e98 alters the handling of these four branches. Instead of direct template interpolation, the values undergo strict character escaping to sanitize special characters. This prevents the browser from interpreting the input as active code.

// Patched rendering function in version 3.7.0
function genAVValueHTML(type, value) {
    switch (type) {
        case 'text':
        case 'url':
        case 'phone':
        case 'mAsset':
            // Patched: Input is escaped before rendering
            const escapedValue = escapeHTML(value);
            return `<textarea class="av-cell-text">${escapedValue}</textarea>`;
        default:
            return escapeHTML(value);
    }
}

Exploitation Methodology

Exploitation requires write access to a shared or synced database workspace. The attacker inserts a specially crafted payload into a cell of type text, url, phone, or mAsset. Because the backend does not sanitize database cells during write operations, the payload persists exactly as written.

When a user synchronized with the workspace views the containing page and opens the block-attribute panel, the client executes the payload automatically. On the Electron desktop application, the renderer window operates with nodeIntegration set to true, which exposes the native Node.js process and require structures directly to the client-side JavaScript.

The following diagram illustrates the execution flow from the database sync to the operating system command shell:

Impact Assessment

The security impact is classified as Critical with a CVSS v3.1 base score of 9.9. The scope of the vulnerability is changed because the exploit successfully escapes the web browser sandbox and achieves command execution on the host system.

An attacker gains unauthenticated remote command execution under the security context of the user running the SiYuan desktop application. This allows complete access to the local filesystem, execution of arbitrary shell scripts, network reconnaissance, and potential lateral movement within the network environment.

While the EPSS score remains low, this is due to the nature of desktop software requiring workspace collaboration or shared synchronization folders. Targeted attacks against developers, security researchers, and knowledge workers who utilize shared markdown vaults carry a high probability of success if they do not upgrade.

Remediation & Hardening

The primary remediation strategy is upgrading the SiYuan application to version 3.7.0 or later. This release addresses the rendering vulnerability and neutralizes the XSS vector inside the attribute-view renderer.

In environments where an immediate upgrade is unfeasible, administrators should restrict workspace sharing and block synchronization from untrusted repositories. Analyzing local database and attribute-view files for script patterns can assist in detecting potential compromise.

For developers building similar Electron applications, disabling Node integration in the renderer process is critical for defense-in-depth. Setting nodeIntegration to false and enabling contextIsolation to true in the browser window configuration ensures that XSS bugs do not escalate to host compromises.

Fix Analysis (1)

Technical Appendix

CVSS Score
9.9/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Probability
0.29%
Top 79% most exploited

Affected Systems

SiYuan Desktop Clients (Electron)SiYuan Self-hosted Synced Workspaces

Affected Versions Detail

Product
Affected Versions
Fixed Version
SiYuan
siyuan-note
< 3.7.03.7.0
AttributeDetail
CWE IDCWE-79, CWE-1188
Attack VectorNetwork (AV:N)
CVSS Score9.9 (Critical)
Exploit StatusProof-of-Concept
Access RequiredLow Privileges (PR:L)
User InteractionNone (UI:N)
ImpactRemote Code Execution (RCE)

MITRE ATT&CK Mapping

T1189Drive-by Compromise
Initial Access
T1185Browser Session Hijacking
Collection
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References & Sources

  • [1]GitHub Security Advisory GHSA-5xfx-xj4h-5p7r
  • [2]NVD Detail Page

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•1 minute ago•GHSA-XRMC-C5CG-RV7X
8.8

GHSA-XRMC-C5CG-RV7X: Security Bypass Vulnerability in safeinstall-cli Command Parser

A high-severity security bypass vulnerability exists in safeinstall-cli up to version 0.10.1. Due to multiple logical limitations in its shell command parsing mechanism (guard-parser), attackers can craft specific shell commands that completely evade the Agent Guard interceptor hooks. This allows arbitrary unverified installations and code executions on the developer system when executed by AI coding agents.

Alon Barad
Alon Barad
0 views•7 min read
•28 minutes ago•GHSA-WM45-QH3G-V83F
7.7

GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

An arbitrary server-side file read vulnerability exists in the mcp-atlassian integration server. Remote clients utilizing SSE or HTTP transports can exploit the lack of directory containment on attachment-upload tools to resolve and read arbitrary host files, exfiltrating them directly to Atlassian Jira or Confluence.

Amit Schendel
Amit Schendel
1 views•8 min read
•about 1 hour ago•GHSA-G5R6-GV6M-F5JV
7.7

GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

A directory traversal vulnerability exists in the mcp-atlassian integration server prior to version 0.22.0. The confluence_upload_attachment tool fails to restrict the paths of uploaded files, allowing authenticated users or external prompt injection payloads to retrieve and exfiltrate arbitrary files from the server's filesystem into Confluence.

Amit Schendel
Amit Schendel
3 views•7 min read
•about 2 hours ago•CVE-2026-50551
9.9

CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan

A critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 2 hours ago•GHSA-H4G2-XFMW-Q2C9
8.7

GHSA-H4G2-XFMW-Q2C9: Missing Authentication Bypass in Clauster Configuration Validator

Clauster versions up to and including v0.2.1 suffer from an authentication bypass vulnerability. This issue occurs when Clauster is configured with an authentication method but the master auth.enabled key is omitted or set to false, allowing unauthenticated network access to administrative endpoints and arbitrary code execution through managed Claude Code bridges.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 3 hours ago•GHSA-G936-7JQJ-MWV8
8.3

GHSA-g936-7jqj-mwv8: Administrative Token Leakage and Privilege Escalation in TSDProxy

An authentication bypass and token leakage vulnerability exists in TSDProxy before version 1.4.4. The application unconditionally forwards its internal administrative token to all proxied backend services when identity headers are enabled. Attackers with control over an upstream backend can capture this token and replay it to the local management API to achieve full administrative control over the proxy engine.

Alon Barad
Alon Barad
6 views•7 min read