PT-2026-52104 · Siyuan Note · Siyuan

Published

2026-06-24

Updated

2026-06-24

CVE-2026-50551

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-50551

Affected Products

Siyuan

PT-2026-52104 · Siyuan Note · Siyuan

CVE-2026-50551

Weakness Enumeration

Related Identifiers

Affected Products

References · 2