PT-2026-3496 · Siyuan · Siyuan

Abdoghazy2015 +1 · Published 2026-01-19 · Updated 2026-02-06 · CVE-2026-23850

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.4
Description: SiYuan's markdown feature renders user-supplied HTML on the server without restriction, which can be abused for local file disclosure (LFD) and Server-Side Request Forgery (SSRF). The markdown parameter is passed to the model.CreateWithMarkdown function without sanitization, and from there to luteEngine.Md2BlockDOM(md, false), again unsanitized, so raw HTML embedded in the markdown reaches the renderer intact. An attacker can use this to read sensitive files from the host and potentially reach internal hosts via SSRF. A proof-of-concept (PoC) exploit is available.
Recommendations: Update SiYuan to version 3.5.4 or later.
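The two controls that close this class of bug are (1) neutralising raw HTML in markdown before it reaches the renderer and (2) refusing, at fetch time, any URL a rendered document could make the server contact. The Go below is an added illustration written for this entry; it is not SiYuan's code and not the 3.5.4 fix, and it does not use lute. EscapeRawHTML, IsSafeFetchURL, the tag pattern and the sample payload are all hypothetical names and constructed input chosen for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
	"strings"
)

// rawTag matches what a CommonMark renderer treats as raw HTML: an opening or
// closing tag, or an HTML comment. CommonMark autolinks (<https://x>, <a@b.c>)
// deliberately do not match, because ':' and '@' are not allowed right after
// the tag name. Hypothetical pattern written for this example.
var rawTag = regexp.MustCompile(`<(?:/?[A-Za-z][A-Za-z0-9-]*(?:\s[^<>]*|/)?|!--[\s\S]*?--)>`)

// EscapeRawHTML turns every raw tag into literal text by replacing its leading
// '<' with "&lt;", so the renderer can no longer emit <img>, <iframe>, <object>
// or similar elements from user input. Fenced code blocks and inline code
// spans are copied verbatim: renderers already escape their contents, and
// rewriting them would change what the reader sees.
func EscapeRawHTML(md string) string {
	var out strings.Builder
	inFence := false
	for i, line := range strings.Split(md, "\n") {
		if i > 0 {
			out.WriteByte('\n')
		}
		trimmed := strings.TrimLeft(line, " ")
		if strings.HasPrefix(trimmed, "```") || strings.HasPrefix(trimmed, "~~~") {
			inFence = !inFence
			out.WriteString(line)
			continue
		}
		if inFence {
			out.WriteString(line)
			continue
		}
		out.WriteString(escapeOutsideCodeSpans(line))
	}
	return out.String()
}

// escapeOutsideCodeSpans escapes raw tags only in the segments of a line that
// lie outside `...` code spans.
func escapeOutsideCodeSpans(line string) string {
	var out strings.Builder
	for {
		start := strings.Index(line, "`")
		if start < 0 {
			out.WriteString(escapeTags(line))
			return out.String()
		}
		end := strings.Index(line[start+1:], "`")
		if end < 0 { // unterminated backtick: not a code span
			out.WriteString(escapeTags(line))
			return out.String()
		}
		end += start + 1
		out.WriteString(escapeTags(line[:start]))
		out.WriteString(line[start : end+1]) // code span copied verbatim
		line = line[end+1:]
	}
}

func escapeTags(s string) string {
	return rawTag.ReplaceAllStringFunc(s, func(tag string) string {
		return "&lt;" + tag[1:]
	})
}

// IsSafeFetchURL is the allowlist a server-side renderer should apply before
// it fetches anything referenced from user content. Only http/https pass, so
// file:, gopher:, dict:, data: and the rest are refused outright, and literal
// addresses in loopback, private, link-local (which covers the 169.254.169.254
// cloud metadata endpoint), multicast and unspecified ranges are rejected.
// A hostname that passes here must still be resolved and the resolved address
// re-checked at connect time, since DNS can point at an internal host; that
// step is left out so the example runs offline.
func IsSafeFetchURL(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	switch strings.ToLower(u.Scheme) {
	case "http", "https":
	default:
		return false
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return false
	}
	if ip := net.ParseIP(host); ip != nil {
		return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
			ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified())
	}
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return false
	}
	return true
}

func main() {
	// Constructed sample payload: raw HTML that would make a naive renderer
	// fetch a local file and an internal API.
	md := "# note\n<iframe src=\"file:///etc/passwd\"></iframe>\n" +
		"<img src=\"http://127.0.0.1:6806/api/system/version\">\n`<b>` stays\n"
	fmt.Println(EscapeRawHTML(md))
	for _, u := range []string{"file:///etc/passwd", "http://127.0.0.1:6806/", "https://example.com/logo.png"} {
		fmt.Printf("%-36s safe=%v\n", u, IsSafeFetchURL(u))
	}
}
```

The escaping step is the cheap, input-side control; the URL allowlist is the one that still holds when markdown arrives through a path nobody thought to sanitise, so a renderer that fetches on the server's behalf should apply it regardless of how the document was produced.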

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-23850
GHSA-CV54-7WV7-QXCW
GO-2026-4347
SUSE-SU-2026:0403-1

Affected Products

Siyuan