Listen to this Post
The Electron desktop client of SiYuan (versions ≤ 3.6.5) is configured with `nodeIntegration: true` and `contextIsolation: false` (app/electron/main.js:307), which permits any JavaScript executing in the renderer to directly invoke Node.js APIs, including require('child_process'). This design flaw turns any cross-site scripting (XSS) vulnerability into a full remote code execution (RCE) primitive.
This vulnerability is a neighbor-bug of CVE-2026-44588. The earlier fix for -44588 introduced `escapeAriaLabel()` (which double-escapes `<` to survive the attribute → `getAttribute` → `innerHTML` round-trip), but the Attribute View (AV) asset cell renderers were overlooked and remain using the weaker `escapeAttr()` (escapes only `"` and ‘) or no escaping at all.
Two distinct XSS sinks exist. Sink 1 is a direct stored XSS that triggers immediately on page load. In app/src/protyle/render/av/cell.ts:1008, the code concatenates:
text +=${item.name || item.content};
The `>${item.name || item.content}` portion is raw user input with zero escaping. Even worse, in app/src/protyle/render/av/blockAttr.ts:93, the code is completely unescaped:
`html += `
`;`
These are rendered via `action.ts:860` (cellElement.innerHTML = renderCell(...)), resulting in immediate XSS on page load.
Sink 2 is a hover-triggered XSS via an aria-label round-trip. The same lines emit `aria-label=”${escapeAttr(item.content)}”` on `.ariaLabel` elements. `escapeAttr()` (util/escape.ts:14) only escapes `”` and `’` — not `<` or >. A global mouseover handler in `popover.ts:33` reads `aria-label` via `getAttribute` (which attribute-decodes entities), then at line 144 calls showTooltip(decodeURIComponent(tip), ...). In tooltip.ts:41, `messageElement.innerHTML = message` executes the payload on hover.
The source of the malicious input is app/src/protyle/render/av/asset.ts:405, where `addAssetLink()` reads user input from a free-form `
DailyCVE Form:
Platform: SiYuan
Version: v3.6.5
Vulnerability: Stored XSS to RCE
Severity: Critical
date: 2026-07-10
Prediction: Pending
What Undercode Say:
Direct XSS payload (alert)
<img src=x onerror=alert(document.domain)>
RCE payload (Electron desktop)
<img src=x onerror=require('child_process').exec('calc')>
Steps to reproduce
1. Open SiYuan desktop app (v3.6.5)
2. Create a new document
3. Insert an Attribute View (Table)
4. Add a column of type "Asset"
5. Click the asset cell, then "Add Link"
6. In the "Link" textarea, paste: <img src=x onerror=alert(1)>
7. Leave "" empty or fill with benign text
8. Click outside the dialog to save
9. Alert fires immediately; hovering also triggers
Exploit:
- Attacker crafts a note with an AV asset cell containing:
`
`
- Victim opens the note → RCE (calc.exe launches).
- For data exfiltration, replace `exec(‘calc’)` with a reverse shell or file-read script.
- The payload persists in `.sy` files and executes on every open.
- In collaborative environments, the malicious note syncs to all users automatically.
Protection:
- Replace `escapeAttr()` with `escapeAriaLabel()` for all `aria-label` attributes in AV cell renderers.
- Escape `item.name` and `item.content` with `escapeHtml()` before concatenating into element text content.
- Long-term: set Electron `contextIsolation: true` and
nodeIntegration: false. - Apply patch as soon as available; monitor SiYuan releases for fixes addressing these files:
`app/src/protyle/render/av/cell.ts`, `app/src/protyle/render/av/blockAttr.ts`, `app/src/protyle/render/av/asset.ts`.
Impact:
- Remote Code Execution on victim’s system via malicious note sync/import.
- Full data exfiltration: attacker can read all notes, access filesystem, steal credentials.
- Persistence: payload stored in `.sy` files, executes on every document open.
- Widespread damage in sync/collaboration scenarios due to automatic propagation.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
projects@undercode.co.uk
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

