External risk intelligence

SiYuan Marketplace HTML Injection Leads to OS Command Execution.

CVE advisorySeverity: CRITICAL (CVSS 9.0)

CVE-2026-55570

This is a personal knowledge management system primarily used as a desktop client application. The vulnerability requires a user to interact with a malicious package within the marketplace, making it an application-specific, client-side issue rather than a service or gateway reachable from the public internet.

Cross-site Scripting

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in the SiYuan personal knowledge management system that could allow for arbitrary operating system command execution. The issue arises from how untrusted input is handled when packaging marketplace items, potentially enabling attackers to inject malicious code if users interact with a compromised package. While the specific impact depends on user interaction and the presence of the desktop client, the severity warrants attention.

  • Code can be run on user computers.
  • This is a critical flaw in a knowledge tool.
  • Confirm relevance and assess exposure risks.

Attack Path

How an attacker could exploit the issue

An attacker could craft a malicious package for the SiYuan knowledge management system. If a user installs this package, the untrusted fields within the package's marketplace card will be improperly escaped, allowing for the injection of HTML. In the desktop client, this leads to arbitrary code execution on the operating system.

  • Requires installation of a malicious package.
  • Untrusted package fields inject HTML.
  • Arbitrary OS command execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could affect users of the SiYuan knowledge management system when interacting with malicious packages in its marketplace. Specifically, specially crafted package names can lead to arbitrary HTML injection within the application's interface. In the desktop client, this can escalate to arbitrary operating system command execution due to permissive Node.js configurations.

  • System data and user data could be compromised.
  • Exposure occurs through malicious marketplace package names.
  • Arbitrary OS command execution is a realistic consequence.

Operational Fix

Recommended remediation, mitigation, and detection steps

The SiYuan knowledge management system's desktop client is susceptible to command execution. The first step is to identify all SiYuan installations, confirm their marketplace reachability, and determine business criticality to prioritize remediation efforts.

  • SiYuan application owners should own this issue.
  • Verify marketplace package integrity and reachability.
  • Plan remediation based on identified risk and criticality.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is SiYuan?

SiYuan is an open-source personal knowledge management system. Users often deploy it as a desktop application to organize notes, documents, and local data. It features a marketplace where users can discover and install additional packages to extend the software's functionality.

How does CVE-2026-55570 create a security weakness?

This vulnerability involves Improper Neutralization of Input (CWE-79, CWE-94, and CWE-116). Because the application fails to properly escape certain fields like package names, a malicious actor can inject unauthorized HTML. In the desktop client, this injection can escape the application's interface and trigger arbitrary operating system commands.

When does this vulnerability trigger?

The flaw triggers when a user interacts with a maliciously crafted package within the SiYuan marketplace. Simply having the software installed does not trigger the bug; the code execution requires the specific action of processing a package that contains characters designed to break out of the application's data attributes.

Is my SiYuan installation at risk?

According to Halo Surface Signal, this is very unlikely to be an internet-facing threat. Because SiYuan is typically a desktop client, it is not a public service. The risk is localized to the user who chooses to install a malicious package from the marketplace, rather than a remote attacker scanning your network.

How do I address this CVE?

The primary response is to update your SiYuan software to version 3.7.0 or later, which contains the necessary security fixes. As a general best practice, you should only install packages from trusted sources within the marketplace and remain cautious about adding unverified third-party content to your local environment.

References