Intelligence
criticalVulnerabilityActive

SiYuan Stored XSS to RCE via Unescaped Attribute View Asset Rendering

SiYuan v3.6.5 and earlier contain stored XSS in database asset cells that escalates to RCE via Electron's enabled nodeIntegration. The vulnerability exists in two unescaped rendering sinks that execute arbitrary JavaScript with Node.js access on page load.

S
Sebastion

CVE References

Affected

SiYuan/SiYuan <=3.6.5

Vulnerability Description

This is a stored XSS vulnerability in SiYuan's Attribute View (database) asset cell renderer that escalates to Remote Code Execution due to dangerous Electron process configuration. The root cause is inconsistent output encoding: while a prior vulnerability (CVE-2026-44588) was patched with escapeAriaLabel() (double-escapes <), the asset cell renderers still use the weaker escapeAttr() function (escapes only quotes) or zero escaping. Two distinct sinks are vulnerable: (1) the URL cell renderer at cell.ts:1008 where item.name and item.content are rendered raw into HTML content without escaping, and (2) the image cell renderer at blockAttr.ts:93 where item.content is placed directly into an aria-label attribute with no escaping. Both sinks are rendered via innerHTML assignment in action.ts:860, causing immediate JavaScript execution on page load.

PoC Significance

The PoC demonstrates that database asset cells accept stored user-controlled content that persists in the application state. When a project containing malicious asset data is reopened, the payload triggers automatically without user interaction beyond viewing the affected database. The reliability is high because: (1) no browser sandbox protections apply (Electron's contextIsolation: false), (2) no Content Security Policy restrictions block inline execution, and (3) stored data survives application restarts. The precondition is minimal—any user with permission to edit an asset field in a database view can inject the payload, and in collaborative or shared vault scenarios, this may not require administrator privileges.

Detection Guidance

Log Indicators: Monitor SiYuan application logs for unusual JavaScript patterns in database asset cell content, specifically strings containing <script>, event handlers (onerror=, onload=), or backtick template literals in stored attributes. File-based Detection: Examine SiYuan project data files (typically .sy JSON stores) for asset cell values containing HTML/JavaScript patterns. Memory Signatures: In running processes, detect require('child_process') calls originating from the renderer process (PID analysis). Network Detection: Monitor for unexpected child process spawning from SiYuan (e.g., PowerShell, bash, cmd.exe as children of siyuan.exe or Electron process).

Mitigation Steps

Immediate Actions: (1) Upgrade SiYuan to a patched version >3.6.5 that applies proper context-aware output encoding (e.g., escapeAriaLabel() consistently across all asset cell renderers). (2) Audit existing projects for suspicious asset cell content and remove/sanitize. (3) Disable or restrict sharing of .sy database files with untrusted sources. Hardening: (1) Request the development team disable nodeIntegration: true and enable contextIsolation: true in Electron configuration (app/electron/main.js:307). (2) Implement a Content Security Policy that prohibits inline scripts and restricts require() usage. (3) Use a library like DOMPurify or the OWASP HTML Sanitizer for all user-controlled content rendered to the DOM.

Risk Assessment

Exploitation Likelihood: High in the wild. The vulnerability requires only database editing capability (low barrier for local users or collaborators) and triggers automatically on project load (no additional user action). Threat Actor Interest: Critical. The escalation from XSS to RCE in an Electron desktop client provides attackers with code execution in the context of the user running SiYuan, potentially enabling data exfiltration, lateral movement, or persistence. Organizations using SiYuan for sensitive note-taking or documentation are high-value targets. Timeline Urgency: Patches should be deployed immediately; defenders should assume active exploitation is possible once proof-of-concept details circulate widely.