CVE-2026-54067: SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, a CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer runs with nodeIntegration:true, so require('child_process') is reachable from the injected handler and the XSS chains to host RCE. Snippets sync via the workspace repository, so an attacker with write access to any synced workspace plants the payload once and it fires on every device that pulls. The bug also bypasses the user's enabledCSS / enabledJS separation. A user who turned enabledJS off was making a deliberate call not to run untrusted JavaScript; the CSS path runs it anyway. This vulnerability is fixed in 3.7.0.
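As an added illustration (this is not SiYuan's code and not part of the advisory), the JavaScript below shows the tokenizer behaviour behind the breakout and a defensive treatment of it: a detector for an end tag inside CSS text, a model of how an HTML tokenizer splits a "<style>" + body + "</style>" string, a renderer that builds the style element through the DOM API and textContent instead of insertAdjacentHTML, and a policy gate that keeps the enabledCSS and enabledJS switches independent. The function names (hasStyleBreakout, splitStyleHtml, renderSnippetSafe, acceptSnippet), the snippet and settings object shapes, and the sample snippets are constructed for this example and are not SiYuan's API.

```javascript
// Added example, not SiYuan's code. Names, object shapes and samples are
// assumptions made for illustration.

// An HTML tokenizer treats the inside of <style> as RAWTEXT and leaves it at
// the first "</style" followed by whitespace, "/" or ">" (ASCII
// case-insensitive). CSS quoting gives no protection, because the tokenizer
// runs before any CSS parsing. The "$" alternative also flags a bare
// "</style" at end of input, which is deliberately conservative.
const STYLE_END_TAG = /<\/style(?=[\s\/>]|$)/i;

// Detection: would the HTML tokenizer see an end of the enclosing <style>
// element somewhere inside this CSS text?
function hasStyleBreakout(css) {
  return STYLE_END_TAG.test(css);
}

// Model of the defect: split an HTML string of the form
// "<style>" + css + "</style>" the way the tokenizer does. Everything before
// the first end tag is stylesheet text; everything after it is parsed as
// markup, which is where an injected element would land.
function splitStyleHtml(html) {
  const open = '<style>';
  if (!html.toLowerCase().startsWith(open)) {
    throw new Error('expected a string starting with <style>');
  }
  const body = html.slice(open.length);
  const m = STYLE_END_TAG.exec(body);
  if (!m) return { cssText: body, trailingMarkup: '' };
  const gt = body.indexOf('>', m.index); // end of the end tag itself
  const end = gt === -1 ? body.length : gt + 1;
  return { cssText: body.slice(0, m.index), trailingMarkup: body.slice(end) };
}

// Hardened renderer: never concatenate the snippet into an HTML string.
// A <style> element created with the DOM API and filled via textContent has
// no tokenizer step, so "</style>" inside css is just characters.
// `doc` is a Document, or a test double exposing createElement and head.
function renderSnippetSafe(css, doc) {
  const el = doc.createElement('style');
  el.textContent = css;
  doc.head.appendChild(el);
  return el;
}

// Policy gate, evaluated before a snippet is stored or rendered. It keeps
// enabledCSS / enabledJS independent and refuses CSS carrying an end tag, so
// the breakout is also stopped on paths (export, innerHTML serialization)
// that do rebuild HTML strings from stored snippets.
function acceptSnippet(snippet, settings) {
  if (snippet.type === 'js') {
    return settings.enabledJS
      ? { ok: true }
      : { ok: false, reason: 'JS snippets are disabled' };
  }
  if (snippet.type === 'css') {
    if (!settings.enabledCSS) {
      return { ok: false, reason: 'CSS snippets are disabled' };
    }
    if (hasStyleBreakout(snippet.content)) {
      return { ok: false, reason: 'CSS snippet contains a </style> end tag' };
    }
    return { ok: true };
  }
  return { ok: false, reason: `unknown snippet type: ${snippet.type}` };
}

// Constructed sample snippets (not real payloads): one benign, one with an
// end tag inside a CSS string (still a breakout), one JS snippet.
const SAMPLE_SNIPPETS = [
  { type: 'css', content: 'body { color: #333 }' },
  { type: 'css', content: 'a::after { content: "</style><b>not css</b>" }' },
  { type: 'js', content: 'console.log("hi")' },
];

// Returns one accept/reject boolean per sample for the given settings.
function triageSamples(settings) {
  return SAMPLE_SNIPPETS.map((s) => acceptSnippet(s, settings).ok);
}

if (typeof document !== 'undefined') {
  // Browser-only demo: render the benign snippet through the safe path.
  renderSnippetSafe(SAMPLE_SNIPPETS[0].content, document);
}
```

With enabledJS off and enabledCSS on, triageSamples reports the benign CSS as accepted and both the breakout CSS and the JS snippet as rejected; the rejection of the breakout does not depend on the JS switch, which is the separation the advisory says the vulnerable path ignored. The textContent renderer alone already defeats the breakout in the DOM; the gate is kept because stored snippets may later be re-serialized to HTML elsewhere.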
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stored cross-site scripting (XSS) to remote code execution (RCE) chain exists in SiYuan, an open-source personal knowledge management system, affecting versions before 3.7.0. The vulnerability is reachable over the network by any authenticated user with low privileges, requires no victim interaction, and stems from unsafe HTML interpolation in the renderSnippet() function that allows a CSS snippet to break out of its surrounding style tag and inject arbitrary JavaScript. On Electron desktop builds, the injected script reaches Node.js internals directly, giving an attacker full host-level code execution; because snippets sync across workspace devices, a single planted payload executes on every device that pulls the workspace. No fix version has been published upstream; HarborGuard tracks this advisory for patch availability.
HarborGuard Coverage
Detection of CVE-2026-54067 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that package SiYuan, in both registry scans and CI pipeline checks. (Status: Available)
Triage is available with the full CVSS v3.1 score of 9.9 (Critical), weighted further by any per-environment compliance policy configured inside each customer organization, and routed automatically to the inbox of the team responsible for the affected image. (Status: Available)
Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix is released upstream. For customers with auto-remediation enabled, the rebuild, a regression-test run, and a PR against affected workloads will be triggered automatically at that point. (Status: Pending upstream)
Exploit Conditions
- Network reachability: Required. The attacker must reach the SiYuan service over the network to plant or trigger the malicious CSS snippet.
- Authentication: Required. A low-privilege account with write access to any synced workspace is sufficient to plant the payload; no admin rights are needed.
- Victim interaction: Not required. No victim action is needed beyond the normal workspace sync pull that happens automatically on each connected device.
- Attack complexity: Exploitation is reliable and condition-free once workspace write access is obtained; no race conditions or special memory layout are required.
Blast Radius
- On Electron desktop builds, the injected script calls require('child_process') and executes arbitrary commands on the host operating system of every device that syncs the workspace.
- The payload reads any data accessible to the desktop process, including files, environment variables, and credentials stored on disk.
- The attacker can write or modify files on the host, install persistence mechanisms, or pivot to other services the user is authenticated to.
- The exploit bypasses the user's explicit enabledJS-off setting, running untrusted JavaScript through the CSS snippet path regardless of that control.
How HarborGuard Handles This
Available on HarborGuard: any image packaging SiYuan below version 3.7.0 is flagged as affected by this Critical-severity CVE at ingest time, with results surfaced in both registry scans and pipeline checks. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is published. For customers with auto-remediation enabled, that rebuild will be followed immediately by a regression-test run and a PR opened against affected workloads. In the interim, compensating controls worth considering include isolating the SiYuan service behind a network policy that restricts who can write to shared workspaces, disabling workspace sync for untrusted collaborators at the application or network level, and treating any CSS snippet sourced from external contributors as untrusted input until the patch is available.
- siyuan-note/siyuan < 3.7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H