External risk intelligence

SiYuan could allow an external attacker to take control of the system

CVE advisory

Severity: CRITICAL (CVSS 9.4)

CVE-2026-44670

An external attacker could exploit a flaw in SiYuan to run unauthorized code on a user's computer. This could allow them to steal sensitive personal notes or gain full control over the host system.

Halo Surface Signal (score: 1)

Cross-site Scripting

External exposure likelihood

Halo Surface Signal score for CVE-2026-44670

SiYuan is a client-side personal knowledge management application. The vulnerability requires social engineering, such as sharing a malicious database file or collaborating on a notebook, rather than being reachable through standard public-internet-facing services, web applications, or network gateways.

Horizon Alert

Summary of the vulnerability and why it matters

An issue in SiYuan, a personal knowledge management system, allows code execution if a user opens a specially crafted document. This happens because the application embeds user-provided names directly into its HTML without proper sanitization, enabling attackers to inject malicious markup and scripts. This is a serious concern because it could allow unauthorized control over a user's system.

  • Could lead to full system compromise.
  • Requires user interaction to exploit.
  • Affects users who open malicious files.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this by tricking a user into opening a crafted Attribute View name within the SiYuan application. Because the application embeds these names directly into HTML without proper sanitization, and the main process runs with elevated Node.js privileges, this leads to remote code execution on the victim's machine.

  • Target users opening malicious AV names.
  • Vulnerability in client-side rendering.
  • Main process has Node.js execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in SiYuan allows remote code execution due to missing HTML escaping combined with the application's privileged client-side Node.js environment. While the path to exploitation is not direct, it can be triggered by users opening malicious database files, making it a plausible, though likely targeted, threat. The absence of a KEV listing suggests it has not been widely weaponized, but the critical severity and available exploit path warrant attention.

  • No KEV listing observed.
  • Exploitation depends on user interaction.
  • Fix available in version 3.7.0.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize identifying and blocking any network traffic attempting to exploit this vulnerability. Since the vulnerability is fixed in version 3.7.0, teams should focus on upgrading affected SiYuan instances to this patched version as soon as possible to eliminate the risk of remote code execution. If immediate patching is not feasible, focus on network-level filtering to block known malicious payloads and implement stricter access controls for shared notebooks.

  • Upgrade SiYuan to version 3.7.0.
  • Block network requests targeting vulnerable endpoints.
  • Monitor for signs of compromise.

Frequently asked questions

What is SiYuan and what kind of vulnerability does it have?

SiYuan is an open-source personal knowledge management system. It has a critical vulnerability that allows remote code execution if a user opens a specially crafted document. This occurs because the application embeds user-provided names into its HTML without proper sanitization, enabling attackers to inject malicious markup and scripts.

How does the vulnerability in SiYuan lead to code execution?

The vulnerability stems from SiYuan's kernel storing Attribute View (AV) names without HTML escaping. When these raw names are embedded into HTML and sent to clients, three independent client paths consume the value without escaping. Because the main BrowserWindow runs with elevated Node.js privileges (`nodeIntegration: true`, `contextIsolation: false`, `webSecurity: false`), an HTML injection in the renderer becomes Node.js code execution.
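The two layers described above, escaping at the rendering boundary and the BrowserWindow privilege settings, are illustrated in the following added example. It is not SiYuan's own code: the `renderAvTitle*` templates, the `av__title` class, the sample AV name and the `auditWebPreferences` checker are all constructed for illustration, and the Electron window is never created, only its options object is inspected.

```javascript
// Added example (not SiYuan's code): why a raw Attribute View (AV) name is
// dangerous once it lands in HTML, and the two defensive layers that stop it.
// Runs under plain Node.js; no Electron is required.

// Escape the characters that matter in HTML text and attribute context.
// '&' must be replaced first so already-produced entities are not re-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (constructed): the stored name is interpolated verbatim.
function renderAvTitleUnsafe(avName) {
  return `<div class="av__title">${avName}</div>`;
}

// Hardened pattern: escape exactly where the value becomes markup.
function renderAvTitleSafe(avName) {
  return `<div class="av__title">${escapeHtml(avName)}</div>`;
}

// Extract what ended up between the template's own tags.
function innerHtmlOfTitle(rendered) {
  return rendered.slice('<div class="av__title">'.length, -'</div>'.length);
}

// True when characters that can open a tag or break out of an attribute
// survived from the name into the rendered output.
function hasUnescapedMarkup(rendered) {
  return /[<>"]/.test(innerHtmlOfTitle(rendered));
}

// Constructed sample: a plausible AV name that carries markup characters.
const SAMPLE_AV_NAME = 'Tasks <b>Q1</b> & "urgent"';

// webPreferences the advisory reports for the main window.
const REPORTED_WEB_PREFERENCES = {
  nodeIntegration: true,
  contextIsolation: false,
  webSecurity: false,
};

// Electron's current defaults for a window that renders untrusted content.
const HARDENED_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  webSecurity: true,
  sandbox: true,
};

// Static audit of a BrowserWindow webPreferences object: each finding is a
// setting that lets an HTML injection escalate into Node.js execution.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) {
    findings.push('nodeIntegration is true: renderer scripts can require() Node modules');
  }
  if (prefs.contextIsolation === false) {
    findings.push('contextIsolation is false: page scripts share a world with preload code');
  }
  if (prefs.webSecurity === false) {
    findings.push('webSecurity is false: same-origin policy is disabled');
  }
  if (prefs.sandbox === false) {
    findings.push('sandbox is false: renderer runs outside the OS sandbox');
  }
  return findings;
}

// Stand-alone run: show both renderings and both audits.
console.log(renderAvTitleUnsafe(SAMPLE_AV_NAME));
console.log(renderAvTitleSafe(SAMPLE_AV_NAME));
console.log(auditWebPreferences(REPORTED_WEB_PREFERENCES));
console.log(auditWebPreferences(HARDENED_WEB_PREFERENCES));
```

The audit is a static check of an options object, not a runtime inspection of a live window; in a real review you would feed it the literal passed to `new BrowserWindow(...)`. Escaping on every render path, rather than in the kernel once, matters because the advisory notes three independent client paths consume the raw value.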

What is the attack path for this SiYuan vulnerability, and are there any limitations?

An attacker can exploit this by tricking a user into opening a crafted Attribute View name within the SiYuan application. The vulnerability is in client-side rendering, and exploitation requires user interaction, such as opening a malicious file. It is not directly reachable through public-internet-facing services.

How relevant is the SiYuan vulnerability, and what is its current threat level?

The SiYuan vulnerability has a critical severity (CVSS 9.4) and allows remote code execution. While it requires user interaction and is not listed in the KEV catalog, the available exploit path and critical nature make it a plausible, albeit likely targeted, threat.

What steps should be taken to address the SiYuan vulnerability?

The vulnerability is fixed in version 3.7.0. Teams should prioritize upgrading affected SiYuan instances to this patched version. If immediate patching is not possible, focus on network-level filtering for malicious payloads and implement stricter access controls for shared notebooks.
