SiYuan Flaws Exposed Files and Enabled Desktop Command Execution
SiYuan disclosed two high-severity vulnerabilities affecting its personal knowledge management platform, including an arbitrary file-read issue tracked as CVE-2026-32938 and a stored XSS flaw tracked as CVE-2026-34448. In SiYuan 3.6.0 and earlier, the desktop publish service endpoint /api/lute/html2BlockDOM could copy local files referenced through file:// links into the workspace assets directory without properly validating sensitive paths. Because authenticated users could then access GET /assets/*path, a publish-service visitor could exfiltrate readable local files from the desktop environment. The issue was fixed in 3.6.1.
A separate flaw in SiYuan before 3.6.2 allowed an attacker to plant a malicious URL in an Attribute View field and trigger stored XSS when a victim opened Gallery or Kanban views configured with "Cover From -> Asset Field". The application accepted arbitrary HTTP(S) URLs without extensions as images and injected them into an <img src="..."> attribute without escaping. In the Electron desktop client, where nodeIntegration was enabled and contextIsolation was disabled, the XSS could escalate to arbitrary operating-system command execution under the victim’s account. SiYuan patched the command-execution path in 3.6.2, leaving affected organizations to prioritize upgrades across both releases.
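As an added, defender-side example (not SiYuan's own code), this is the shape of the fix the cover-rendering bug calls for: refuse any field value that is not a workspace-relative image asset, then attribute-escape it before it reaches `src`. Function names such as isAllowedCoverAsset and the av__cover class are assumptions, not SiYuan identifiers.

```javascript
// Hardened cover rendering for an Attribute View "Cover From -> Asset Field".
// Added illustration, not SiYuan code; names and CSS classes are assumed.

const IMAGE_EXT = new Set(['png', 'jpg', 'jpeg', 'gif', 'webp']);

// Escape the characters that can break out of a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Accept only "assets/<name>.<image-ext>": no URL scheme of any kind
// (http:, https:, file:, javascript:), no empty or traversal segments,
// and a known image extension. Bare HTTP(S) URLs are therefore rejected
// instead of being treated as images.
function isAllowedCoverAsset(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 1024) return false;
  if (/^[a-z][a-z0-9+.-]*:/i.test(value)) return false; // any scheme prefix
  if (!value.startsWith('assets/')) return false;
  const segments = value.split('/');
  if (segments.some((s) => s === '' || s === '.' || s === '..')) return false;
  const dot = value.lastIndexOf('.');
  if (dot < 0) return false;
  return IMAGE_EXT.has(value.slice(dot + 1).toLowerCase());
}

// Build the cover element for a Gallery/Kanban card. A value that fails
// validation never reaches the attribute; it renders as an empty placeholder.
function renderCover(value) {
  if (!isAllowedCoverAsset(value)) {
    return '<div class="av__cover av__cover--empty"></div>';
  }
  return `<img class="av__cover" src="${escapeAttr(value)}" alt="">`;
}
```

Hardening the renderer does not replace fixing the Electron side; with nodeIntegration disabled and contextIsolation enabled, a residual markup injection stays a web-context bug rather than a command-execution path.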

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-34448 disclosed for SiYuan stored XSS in Attribute View
CVE-2026-34448 was disclosed on March 31, 2026, describing a stored XSS flaw in SiYuan's Attribute View gallery and kanban cover rendering. An attacker able to place a malicious URL in an Attribute View field could trigger code execution when a victim opened the affected view with cover rendering enabled.
SiYuan patches stored XSS-to-RCE flaw in version 3.6.2
SiYuan fixed in version 3.6.2 a stored XSS vulnerability affecting all earlier versions. In the Electron desktop client, the bug could escalate to arbitrary OS command execution because nodeIntegration was enabled and contextIsolation was disabled.
GitHub advisory discloses CVE-2026-32938 in SiYuan
A GitHub security advisory disclosed CVE-2026-32938 on March 20, 2026. The issue affected SiYuan's Desktop Publish Service and was classified as an arbitrary file read vulnerability.
SiYuan fixes arbitrary file read in version 3.6.1
SiYuan addressed an arbitrary file read vulnerability affecting version 3.6.0 and earlier in release 3.6.1. The flaw allowed a publish-service visitor to cause the desktop kernel to copy readable local files into workspace assets and retrieve them, enabling sensitive file exfiltration.
Sources
CVE-2026-34448 - SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client (cvefeed.io, open source)
CVE-2026-34449 - SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection (cvefeed.io, open source)
CVE-2026-32938 - SiYuan has an Arbitrary File Read in its Desktop Publish Service (cvefeed.io, open source)