DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-54158: CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

Vulnerability ID: CVE-2026-54158
CVSS Score: 9.9
Published: 2026-07-10

A critical-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the SiYuan personal knowledge management system. Due to missing sanitization in the attribute-view cell renderer and an insecure Electron default configuration (nodeIntegration: true), attackers can execute arbitrary commands on the victim's host operating system through synchronized workspaces.

TL;DR

Missing output escaping in SiYuan's database view renderer combined with insecure Electron configurations enables attackers to escalate Stored XSS into Remote Code Execution via shared workspaces.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79, CWE-1188
  • Attack Vector: Network (AV:N)
  • CVSS Score: 9.9 (Critical)
  • Exploit Status: Proof-of-Concept
  • Access Required: Low Privileges (PR:L)
  • User Interaction: None (UI:N)
  • Impact: Remote Code Execution (RCE)

Affected Systems

  • SiYuan Desktop Clients (Electron)
  • SiYuan Self-hosted Synced Workspaces
  • SiYuan: < 3.7.0 (Fixed in: 3.7.0)

Code Analysis

Commit: 27e0051

Fix XSS in genAVValueHTML by properly escaping text, url, phone, and mAsset attributes.

Mitigation Strategies

  • Upgrade to SiYuan 3.7.0 or higher
  • Disable nodeIntegration in Electron client builds
  • Restrict workspace synchronization to trusted sources

Remediation Steps:

  1. Download the latest installer for SiYuan version 3.7.0 or newer from the official repository.
  2. Install the update to replace the vulnerable frontend rendering components.
  3. Verify that any shared workspaces do not contain modified attribute-view databases with script injections.

References


Read the full report for CVE-2026-54158 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)