PT-2026-39288 · Siyuan · Siyuan
Curly-Haired-Baboon · Published 2026-05-08 · Updated 2026-05-20 · CVE-2026-44670
CVSS v4.0: 9.4 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.7.0

Description: The software fails to escape HTML when storing and rendering Attribute View (AV) names. The kernel stores these names without escaping and uses a raw string replacement to embed them in HTML before sending them to clients via WebSocket. This allows HTML injection through three client paths: render.ts (via outerHTML), Title.ts (via innerHTML), and transaction.ts (via innerHTML).
Because the main BrowserWindow is configured with nodeIntegration: true, contextIsolation: false, and webSecurity: false, this HTML injection can be escalated to Node.js code execution (RCE) on the victim's desktop. The payload is persistent: it is stored on disk, replicates through sync transports (S3, WebDAV, cloud), and survives export and import. It can be triggered by any user role opening a document bound to the affected AV.
Technical details include the use of the /api/transactions endpoint with the setAttrViewName action to plant the payload. The vulnerability is reachable via local-origin requests, including those from allowlisted chrome-extension:// origins, which allows a malicious browser extension to carry out the attack.

Recommendations: Update to version 3.7.0. As a temporary mitigation, restrict access to the /api/transactions endpoint or avoid importing .sy.zip files from untrusted sources.
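The root cause described above is a raw string replacement of an unescaped stored value into an HTML fragment. The following Go snippet is an added illustration, not SiYuan's own code: it places the raw-replacement pattern beside the escaped form and adds a small check that a rendered fragment carries the name only as text. The template string, the function names and the sample AV name are all constructed for this example.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// avTitleTemplate is a constructed stand-in for the HTML fragment a kernel
// might send to clients. It is not the real SiYuan template.
const avTitleTemplate = `<div class="av__title">${name}</div>`

// renderAVTitleUnsafe mirrors the flaw the advisory describes: the stored
// name is substituted into HTML verbatim, so any markup in it is parsed by
// the client when the fragment reaches innerHTML/outerHTML.
func renderAVTitleUnsafe(name string) string {
	return strings.ReplaceAll(avTitleTemplate, "${name}", name)
}

// renderAVTitleSafe escapes the name before substitution. html.EscapeString
// rewrites <, >, &, ' and " so the browser shows them as characters instead
// of interpreting them as tags or attributes.
func renderAVTitleSafe(name string) string {
	return strings.ReplaceAll(avTitleTemplate, "${name}", html.EscapeString(name))
}

// containsMarkup is a defensive check for the rendered fragment: after the
// known template shell is stripped, no tag delimiters may remain. A test or
// a review gate can run it over every fragment that embeds user-controlled
// text.
func containsMarkup(fragment string) bool {
	inner := strings.TrimSuffix(strings.TrimPrefix(fragment, `<div class="av__title">`), `</div>`)
	return strings.ContainsAny(inner, "<>")
}

func main() {
	// Constructed sample name containing harmless inline markup.
	name := `Tasks <i>Q2</i> & notes`
	fmt.Println("unsafe:", renderAVTitleUnsafe(name), "markup:", containsMarkup(renderAVTitleUnsafe(name)))
	fmt.Println("safe:  ", renderAVTitleSafe(name), "markup:", containsMarkup(renderAVTitleSafe(name)))
}
```

Escaping on the server side does not remove the need to fix the client paths the advisory names: a renderer that assigns the name through innerHTML or outerHTML should set it as text (for example via textContent) so the two layers do not depend on each other for safety.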

Tags: Exploit · Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-44670
GHSA-2H64-C999-C9R6
GO-2026-4992

Affected Products

Siyuan