CRITICAL | CVE-2026-55570 | CNA: GitHub_M

CVE-2026-55570: SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0.
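As an added illustration (not SiYuan's code and not the project's fix), the contrast the description draws: a card template that drops JSON.stringify() output straight into a single-quoted data-obj attribute, beside one that HTML-escapes the serialized string for the attribute context. The package object, card markup and helper names are constructed for this example.

```javascript
// Added example, not SiYuan's code. Constructed package metadata whose name
// carries a single quote and markup, the class of input the advisory says
// reached the data-obj attribute unescaped.
const SAMPLE_PKG = {
  name: "O'Reilly <b>Notes</b>",
  version: "1.0.0",
  author: "example-author",
  description: "constructed sample",
};

// Vulnerable pattern: JSON.stringify() leaves ' < > untouched, so a name
// containing ' closes the single-quoted attribute early.
function buildCardUnsafe(pkg) {
  return `<div class="card" data-obj='${JSON.stringify(pkg)}'></div>`;
}

// Escape every character that can end an attribute value or open a tag,
// whichever quote style the template happens to use.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: serialize first, then escape the whole string for the
// attribute it is placed into.
function buildCardSafe(pkg) {
  return `<div class="card" data-obj='${escapeAttr(JSON.stringify(pkg))}'></div>`;
}

// Models what the browser's attribute parser hands back via getAttribute():
// a single pass, so "&amp;lt;" decodes to "&lt;" and not to "<".
function decodeAttr(s) {
  const map = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (m) => map[m]);
}

// Value of data-obj as a browser would read it: everything up to the next
// single quote. On the unsafe card this is where the value gets cut off.
function dataObjValue(html) {
  const m = /data-obj='([^']*)'/.exec(html);
  return m ? m[1] : null;
}

// True when the escaped attribute decodes and parses back to the same object.
function roundTripsSafely(pkg) {
  const value = dataObjValue(buildCardSafe(pkg));
  if (value === null) return false;
  return JSON.stringify(JSON.parse(decodeAttr(value))) === JSON.stringify(pkg);
}
```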

Metrics

CVSS v3.1: 9.0
Severity: CRITICAL
Fixed in
Affected Products: 1


HarborGuard Analysis

Synopsis

Stored cross-site scripting (XSS) leading to remote code execution affects SiYuan, an open-source personal knowledge management system, versions before 3.7.0. The vulnerability is reachable over the network by a low-privileged attacker, but requires a victim to interact with a malicious marketplace package; once triggered, the injected script runs inside an Electron window with Node.js integration enabled and context isolation disabled, giving the attacker full OS command execution on the victim's machine. This is a bypass of the patch for CVE-2026-45375, exploiting a sibling sink left uncovered by that fix. No patched image rebuild is available yet on HarborGuard; the advisory is being tracked for patch availability.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-55570 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle SiYuan. Any image containing a siyuan-note/siyuan package below version 3.7.0 is flagged immediately on the next scan cycle.

Triage: Available

Triage is available using the CVSS v3.1 score of 9.0 (Critical), weighted against each customer organization's per-environment compliance policy to determine urgency and routing. Findings are directed to the appropriate team inbox within each customer org based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix version has been published yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment version 3.7.0 or a later fix is confirmed upstream. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated automatically at that point without requiring manual intervention.

Exploit Conditions

  • Network reachability: Required

    The attacker must deliver a malicious marketplace package reachable over the network; the vulnerability is exposed via network-accessible package metadata.

  • Authentication: Required

    A low-privilege account is sufficient; the attacker needs only enough access to publish or serve a crafted package with a malicious name field.

  • Victim interaction: Required

    The victim must open or browse the SiYuan marketplace and trigger rendering of the malicious package card, making this a social-engineering vector requiring user action.

  • Attack complexity: Low

    Attack complexity is low; the exploit is reliable and condition-free once the malicious package metadata is rendered, requiring no race conditions or special environmental state.

Blast Radius

  • The attacker executes arbitrary OS commands on the victim's machine via Node.js APIs exposed through Electron's nodeIntegration: true configuration.
  • Confidential data stored in the SiYuan knowledge base, including notes and attached files, is readable and exfiltrable.
  • The attacker can write or delete files on the host filesystem, modifying persisted application data or planting malicious files.
  • The affected SiYuan desktop process and any dependent services can be crashed or made permanently unavailable.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of this advisory is active, with the CVE matched against all customer images on every ingest cycle. Because no upstream fix has been published, no patched rebuild is available yet. In the interim, customers can apply compensating controls through HarborGuard policy: network-policy isolation to restrict SiYuan container instances from reaching external marketplace endpoints, egress filtering to block outbound connections to untrusted package sources, and feature-flag or entrypoint gating to disable marketplace functionality at the container level. Where compliance policy permits, auto-remediation is configured to trigger a rebuild, regression test run, and PR against affected workloads automatically the moment version 3.7.0 or a confirmed fix version is published upstream and ingested.

Affected packages

  • siyuan-note/siyuan < 3.7.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H