CVE-2026-32751

Exploit

EPSS 0.8%
Veröffentlicht 19.03.2026 21:11:59
Zuletzt bearbeitet 23.03.2026 18:16:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version (Files.ts) properly uses escapeHtml() for the same operation. An authenticated user who can rename notebooks can inject arbitrary HTML/JavaScript that executes on any mobile client viewing the file tree. Since Electron is configured with nodeIntegration: true and contextIsolation: false, the injected JavaScript has full Node.js access, escalating stored XSS to full remote code execution. The mobile layout is also used in the Electron desktop app when the window is narrow, making this exploitable on desktop as well. This issue has been fixed in version 3.6.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

B3log ≫ Siyuan Version < 3.6.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.8%	0.516

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1

Release Notes

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-qr46-rcv3-4hq3

Vendor Advisory

Exploit

Mitigation

https://github.com/siyuan-note/siyuan/commit/f6d35103f774b65e52f03e018649ff0e57924fb0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-32751

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32751

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32751

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32751