SiYuan Mermaid Rendering Flaws Expose NTLM Hashes and Enable Electron RCE
GitHub security advisories disclosed two high-severity vulnerabilities in SiYuan that stem from unsafe Mermaid diagram rendering in versions 3.6.3 and earlier. In CVE-2026-40107, SiYuan rendered Mermaid content with securityLevel="loose" and htmlLabels enabled, allowing attacker-controlled img tags to survive sanitization and be injected into SVG foreignObject content through innerHTML. When a victim opens a malicious note, the Electron client can fetch an attacker-controlled URL; on Windows, protocol-relative paths may resolve to UNC shares and trigger automatic SMB authentication, leaking the victim's NTLMv2 hash. The issue was fixed in version 3.6.4 and mapped to CWE-918.
A second flaw, CVE-2026-40322, used the same Mermaid configuration weakness to allow javascript: links to persist in rendered SVG output, creating a stored XSS condition. In SiYuan's Electron desktop application, where nodeIntegration was enabled and contextIsolation disabled, the bug could be escalated to arbitrary code execution if a user opened a malicious note and clicked the rendered diagram node. The vulnerability affects the same pre-3.6.4 release line and is mapped to CWE-79 and CWE-94, with advisory details describing high impact to confidentiality, integrity, and availability.
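The two advisories above come down to a pair of settings (Mermaid `securityLevel` set to `loose` with `htmlLabels` on, and an Electron renderer with `nodeIntegration` on and `contextIsolation` off) plus two diagram constructs that ride on them (`click` directives with `javascript:` targets and `<img>` tags whose `src` points off-host). The following is an added example, not code from SiYuan, Mermaid or Electron: it audits both configurations against a hardened baseline and scans the Mermaid blocks of a Markdown note for those constructs. The function names, the sample note and the hostnames in it are constructed here for illustration; the Mermaid and Electron option names are the real ones, and the hardened values match Mermaid's default `securityLevel` and current Electron defaults.

```javascript
// Added example, not SiYuan's, Mermaid's or Electron's own code. It encodes the
// two conditions the advisories describe (Mermaid securityLevel "loose" with
// htmlLabels, and an Electron renderer with nodeIntegration on and
// contextIsolation off) as an audit, and scans a Markdown note for the Mermaid
// constructs they abuse. Function names, the sample note and the hostnames in it
// are constructed here for illustration.

const FENCE = '`'.repeat(3); // triple backtick, built here so the source carries no literal fence

// Mermaid config as the advisories describe it (constructed here)
const WEAK_MERMAID = { securityLevel: 'loose', flowchart: { htmlLabels: true } };
// Mermaid's default securityLevel is 'strict'; htmlLabels off keeps labels as plain SVG text
const HARDENED_MERMAID = { securityLevel: 'strict', flowchart: { htmlLabels: false } };

// Flag the Mermaid settings that let attacker HTML and click handlers reach the DOM.
function auditMermaidConfig(cfg) {
  const findings = [];
  if (cfg.securityLevel === 'loose') {
    findings.push('securityLevel=loose: HTML in labels is not sanitized and click handlers run');
  }
  const htmlLabels = cfg.htmlLabels === true || (cfg.flowchart && cfg.flowchart.htmlLabels === true);
  if (htmlLabels) {
    findings.push('htmlLabels=true: labels are injected as HTML into SVG foreignObject');
  }
  return findings;
}

// Flag Electron webPreferences that turn a renderer XSS into code execution.
// Current Electron defaults (nodeIntegration false, contextIsolation true) are safe,
// so only explicit unsafe values are reported.
function auditElectronPrefs(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) {
    findings.push('nodeIntegration=true: page script can require() Node modules');
  }
  if (prefs.contextIsolation === false) {
    findings.push('contextIsolation=false: page script shares the preload/Node world');
  }
  return findings;
}

// Return the bodies of the mermaid fenced blocks in a Markdown note, in order.
function extractMermaidBlocks(markdown) {
  const re = new RegExp(FENCE + 'mermaid[^\\n]*\\n([\\s\\S]*?)' + FENCE, 'g');
  const blocks = [];
  let m;
  while ((m = re.exec(markdown)) !== null) blocks.push(m[1]);
  return blocks;
}

// 1-based line number of a character offset within src
function lineOf(src, index) {
  return src.slice(0, index).split('\n').length;
}

// Scan one Mermaid diagram source for the constructs the advisories describe:
// click directives with javascript: targets and <img> tags whose src points off-host.
function scanMermaidSource(src) {
  const findings = [];
  let m;
  const clickRe = /^\s*click\s+\S+\s+(?:href\s+)?"([^"]*)"/gim;
  while ((m = clickRe.exec(src)) !== null) {
    // strip whitespace and control characters before comparing, so split-up scheme names are still caught
    const target = m[1].replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
    if (target.startsWith('javascript:')) {
      findings.push({ kind: 'javascript-link', line: lineOf(src, m.index), target: m[1] });
    }
  }
  const imgRe = /<img\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  while ((m = imgRe.exec(src)) !== null) {
    const srcAttr = m[1];
    let kind = 'img-tag';
    if (/^(\/\/|\\\\)/.test(srcAttr)) kind = 'unc-or-protocol-relative-img'; // //host/... or \\host\...
    else if (/^[a-z][a-z0-9+.-]*:/i.test(srcAttr)) kind = 'remote-img';     // http:, https:, file:, ...
    findings.push({ kind, line: lineOf(src, m.index), src: srcAttr });
  }
  return findings;
}

// Scan every Mermaid block in a note; each finding carries its block index and line.
function scanNote(markdown) {
  return extractMermaidBlocks(markdown).flatMap((src, block) =>
    scanMermaidSource(src).map((f) => ({ block, ...f })));
}

// Constructed sample note: one diagram with both constructs, one benign diagram.
const SAMPLE_NOTE = [
  '# Meeting notes',
  FENCE + 'mermaid',
  'flowchart LR',
  '  A["<img src=\'//fileserver.example/share/a.png\'>"] --> B',
  '  click B "javascript:void(0)" "open"',
  FENCE,
  '',
  FENCE + 'mermaid',
  'sequenceDiagram',
  '  Alice->>Bob: hello',
  FENCE,
].join('\n');

console.log('mermaid config:', auditMermaidConfig(WEAK_MERMAID));
console.log('electron prefs:', auditElectronPrefs({ nodeIntegration: true, contextIsolation: false }));
console.log('note findings:', scanNote(SAMPLE_NOTE));
```

The config audit is the check to run against a build before shipping; the note scanner is the check to run over an existing note store after upgrading, since notes written while the weak settings were in place still carry whatever was pasted into them. Neither replaces the fix in 3.6.4, which is to stop rendering with `loose` and `htmlLabels` in the first place.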

How this story unfolded
GitHub advisory discloses CVE-2026-40322 for SiYuan
A GitHub security advisory disclosed CVE-2026-40322, detailing a stored XSS issue in SiYuan's Mermaid rendering that could be escalated to arbitrary code execution in Electron desktop builds. The flaw required a victim to open a malicious note and click a rendered diagram node, and affected version 3.6.3 and earlier.
GitHub advisory discloses CVE-2026-40107 for SiYuan
A GitHub security advisory published CVE-2026-40107, describing how malicious Mermaid content in SiYuan could trigger attacker-controlled requests and, on Windows, leak a victim's NTLMv2 hash via automatic SMB authentication to a UNC path. The issue was associated with Mermaid securityLevel set to loose and htmlLabels surviving sanitization.
SiYuan fixes Mermaid rendering flaws in version 3.6.4
SiYuan version 3.6.4 fixed multiple Mermaid-related vulnerabilities, including a zero-click NTLM hash theft and blind SSRF issue as well as a javascript: link injection flaw that could lead to stored XSS and Electron RCE. Both issues affected earlier 3.6.x versions and were tied to insecure Mermaid rendering settings and unsafe DOM injection.
Sources
2 references tracked.
CVE-2026-40322 - SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE (cvefeed.io, open source)
CVE-2026-40107 - SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering (cvefeed.io, open source)