HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-54158Published Modified CNA GitHub_M

CVE-2026-54158: SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like </textarea><img src=x onerror="..."> or "><img src=x onerror="..."> breaks out of its surrounding tag and runs arbitrary JavaScript in the renderer when the victim opens the block-attribute panel. On Electron desktop the renderer runs with nodeIntegration:true, so the XSS chains to host RCE via require('child_process'). AV files live under the workspace and ride normal sync, so an attacker with write access to any synced workspace plants the payload once and it fires on every device that opens a panel containing that row.he kernel doesn't escape on the way in either, so the malicious cell persists byte-for-byte. There's no equivalent of the html.EscapeAttrVal call that protects block IAL attributes at kernel/model/blockial.go:261. This vulnerability is fixed in 3.7.0.

Metrics

CVSS v3.1
9.9
Severity
CRITICAL
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

Stored cross-site scripting (XSS) chaining to remote code execution affects SiYuan, the open-source personal knowledge management system, in versions before 3.7.0. The vulnerability is reachable over the network by any authenticated user with write access to a synced workspace; no admin privileges are needed. A malicious cell value in an attribute-view (database) block persists unescaped through the genAVValueHTML() renderer, and on the Electron desktop client (where nodeIntegration is enabled) the injected JavaScript escalates directly to host-level code execution via Node.js child_process. No fix version has been published upstream; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle SiYuan or its dependencies. Any image containing an affected version of siyuan-note/siyuan (below 3.7.0) surfaces in scan results automatically.

Available
Triage

HarborGuard scores this CVE at CVSS 9.9 Critical and weights it against each environment's compliance policy to determine urgency and routing. Findings are dispatched to the appropriate team inbox within the customer organization based on image ownership and policy configuration.

Available
Patch

Because no upstream fix version has been published yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream maintainers ship a corrected release. In the meantime, customers can apply compensating controls through HarborGuard policy rules to flag or block deployment of affected images.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable renderer is exposed over the network; an attacker must be able to reach the SiYuan instance to plant the malicious cell value.

  • AuthenticationRequired

    The attacker must hold a low-privilege account with write access to at least one synced workspace; no elevated or admin privileges are needed beyond that.

  • Victim interactionNot required

    No victim interaction is required beyond normal use; the payload fires automatically when any user opens the block-attribute panel containing the malicious row.

  • Attack complexityDetail

    Attack complexity is low: the exploit is reliable and requires no race conditions, special memory layout, or other environmental preconditions.

Blast Radius

  • The attacker reads all data accessible to the SiYuan process, including notes, attachments, and workspace credentials stored on the host.
  • The attacker modifies or deletes workspace content, including injecting additional payloads that ride sync to every connected device.
  • On the Electron desktop client, the XSS escalates to arbitrary host-level command execution via Node.js child_process, giving the attacker a shell on the victim machine.
  • The planted payload persists byte-for-byte in the workspace and re-executes on every device that opens a panel containing the affected row, multiplying impact across all synced users.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been released, HarborGuard monitors the SiYuan advisory on every ingest cycle and will trigger patched-image rebuild availability automatically the moment version 3.7.0 or a later corrected release is published upstream. For customers with auto-remediation enabled, that rebuild will be followed by a regression-test run and a PR opened against affected workloads with no manual intervention required. While the fix is pending, HarborGuard supports compensating controls including network-policy isolation to restrict which principals can write to SiYuan workspaces, egress filtering to limit outbound connections from SiYuan containers, and policy rules that block promotion of any image containing an affected siyuan-note/siyuan version to production. Given the critical CVSS score (9.9) and the direct XSS-to-RCE chain on Electron desktop, teams running SiYuan in containerized or shared environments should treat this as a priority item and apply workspace access controls until the upstream patch is available.

See how HarborGuard automates this
Affected packages
  • siyuan-note / siyuan
    < 3.7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References