Description
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) checks href attributes for the javascript: prefix using strings.HasPrefix(). However, inserting ASCII tab (0x09), newline (0x0A), or carriage return (0x0D) characters inside the javascript: string bypasses this prefix check. Browsers strip these characters per the WHATWG URL specification before parsing the URL scheme, so the JavaScript still executes. This allows an attacker to inject executable JavaScript into the unauthenticated /api/icon/getDynamicIcon endpoint, creating a reflected XSS. This is a second bypass of the fix for CVE-2026-29183 (fixed in v3.5.9). This vulnerability is fixed in 3.5.10.
Published: 2026-03-10
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reflected XSS via an unauthenticated SVG endpoint
Action: Patch Now
AI Analysis

Impact

SiYuan's SVG sanitizer rejects href attributes that begin with the literal string "javascript:" (a strings.HasPrefix() test). In versions prior to 3.5.10, inserting an ASCII tab, newline, or carriage return inside that prefix (for example java<TAB>script:) defeats the comparison while leaving the value intact for the browser: the WHATWG URL parser strips those three characters before it reads the scheme, so the browser still sees a javascript: URI and runs the embedded code. Because /api/icon/getDynamicIcon is unauthenticated and returns the SVG directly, the attacker only needs the victim to open a crafted URL; the script runs once the victim loads the response in the browser and interacts with the element carrying the href (both CVSS vectors on this page record user interaction as required), and it executes with the origin of the SiYuan server (reflected XSS, CWE-79).

Affected Systems

All releases of SiYuan Note before version 3.5.10 are vulnerable, including 3.5.9, which shipped the first fix for CVE-2026-29183. The affected component is the backend SVG sanitization logic (SanitizeSVG) that examines href attributes. Any deployment whose unauthenticated /api/icon/getDynamicIcon endpoint can be reached by a victim's browser is at risk, whether the server is exposed on the internet or only on an internal network.

Risk and Exploitability

The CVSS v4.0 base score is 6.4 (Medium); the v3.1 record on this page scores it 6.1 with changed scope. Both vectors are network-reachable with no privileges required, but user interaction is required. The EPSS score of less than 1 % suggests a low probability of exploitation at the time of analysis, and the vulnerability is not listed in CISA's KEV catalog; the SSVC record does note a public proof of concept (Exploitation: poc) while rating it not automatable. The attack path is a crafted link to the unauthenticated /api/icon/getDynamicIcon endpoint whose returned SVG carries an href such as java<TAB>script:... that the sanitizer passes and the browser normalizes back to a javascript: URI; when the victim opens that link, arbitrary JavaScript runs in the victim's browser in the SiYuan server's origin.

Generated by OpenCVE AI on April 17, 2026 at 11:36 UTC.

Remediation

Vendor fix: upgrade to SiYuan 3.5.10 or later (see the Description and GHSA-pmc9-f5qr-2pcr). No vendor-provided workaround is listed.

OpenCVE Recommended Actions

  • Upgrade SiYuan Note to version 3.5.10 or later, where the SVG sanitizer has been corrected.
  • Limit or block access to the /api/icon/getDynamicIcon endpoint so that only authenticated clients can request icons.
  • Where a reverse proxy or web application firewall fronts SiYuan, add a rule for the /api/icon/getDynamicIcon endpoint that URL-decodes the request parameters and then matches the scheme only after WHATWG-style normalization (trim leading and trailing control characters and spaces, delete every tab, LF and CR, compare case-insensitively). A rule that looks for the literal string javascript: is defeated by exactly the whitespace trick this CVE describes, and blocking javascript: alone still leaves other active schemes, so prefer an allowlist of accepted schemes. Treat this as a stopgap until the upgrade, not a replacement for it.
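The following Go program is an added example and is not SiYuan's code; it illustrates the mechanism from the Description and Impact sections and the normalized matching recommended above. It places the class of check the advisory describes (a literal strings.HasPrefix test) beside a hardened check that first applies the WHATWG URL parser's input preprocessing and then compares the scheme against an allowlist. The function names, the allowlist of http, https and mailto, and the sample hrefs are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Added example, not SiYuan's code. Function names are illustrative and the
// allowlist below is an assumption chosen for the example.

// naiveIsJavaScriptHref is the pattern the advisory blames: a literal prefix
// test. "java\tscript:alert(1)" slips past it, yet a browser runs it.
func naiveIsJavaScriptHref(href string) bool {
	return strings.HasPrefix(href, "javascript:")
}

// whatwgNormalize applies the input preprocessing of the WHATWG URL parser:
// strip leading and trailing C0 control characters and spaces (U+0000 to
// U+0020), then delete every ASCII tab, LF and CR wherever it appears.
func whatwgNormalize(href string) string {
	trimmed := strings.TrimFunc(href, func(r rune) bool { return r <= 0x20 })
	return strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return -1 // drop the rune
		}
		return r
	}, trimmed)
}

// schemeOf returns the lowercased scheme of a normalized value, or "" when it
// has no scheme (relative path, fragment reference "#id", ...). The scheme
// grammar is ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
func schemeOf(normalized string) string {
	colon := strings.IndexByte(normalized, ':')
	if colon <= 0 {
		return ""
	}
	candidate := normalized[:colon]
	for i, r := range candidate {
		isAlpha := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z')
		isDigit := r >= '0' && r <= '9'
		if i == 0 && !isAlpha {
			return ""
		}
		if !isAlpha && !isDigit && r != '+' && r != '-' && r != '.' {
			return ""
		}
	}
	return strings.ToLower(candidate)
}

// allowedSchemes is an allowlist (assumption for this example). Anything
// else that carries a scheme, such as javascript:, data: or vbscript:, is
// rejected. Scheme-less values are kept so in-document references like
// "#gradient" and relative paths keep working.
var allowedSchemes = map[string]bool{"http": true, "https": true, "mailto": true}

// hardenedHrefAllowed reports whether an href may survive sanitization.
func hardenedHrefAllowed(href string) bool {
	scheme := schemeOf(whatwgNormalize(href))
	if scheme == "" {
		return true
	}
	return allowedSchemes[scheme]
}

func main() {
	// Constructed sample hrefs, not taken from any real SiYuan document.
	samples := []string{
		"javascript:alert(1)",          // caught by both checks
		"java\tscript:alert(1)",        // the tab bypass from the advisory
		"java\nscript:alert(1)",        // newline variant
		"java\rscript:alert(1)",        // carriage-return variant
		"\tjavascript:alert(1)",        // leading whitespace is stripped too
		"JavaScript:alert(1)",          // mixed case, a related miss
		"data:text/html,<script>alert(1)</script>",
		"https://example.com/icon.svg", // benign
		"#gradient",                    // benign fragment reference
	}
	for _, s := range samples {
		fmt.Printf("%-45q naive-blocks=%-5v hardened-allows=%v\n",
			s, naiveIsJavaScriptHref(s), hardenedHrefAllowed(s))
	}
}
```

The order of the two normalization steps matters: the specification trims leading and trailing control characters and spaces first, then removes tab, LF and CR throughout, which is why "\tjavascript:" and "java\tscript:" both collapse to the same scheme. A proxy or WAF rule that does the same preprocessing before matching sees what the browser will see.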



Advisories
Source: GitHub GHSA
ID: GHSA-pmc9-f5qr-2pcr
Title: SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
History

Wed, 11 Mar 2026 20:30:00 +0000

Values added (nothing removed):
  First Time appeared: B3log; B3log siyuan
  CPEs: cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*
  Vendors & Products: B3log; B3log siyuan
  Metrics: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Wed, 11 Mar 2026 16:15:00 +0000

Values added (nothing removed):
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 12:00:00 +0000

Values added (nothing removed):
  First Time appeared: Siyuan; Siyuan siyuan
  Vendors & Products: Siyuan; Siyuan siyuan

Tue, 10 Mar 2026 21:15:00 +0000

Values added (nothing removed):
  Description: SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) checks href attributes for the javascript: prefix using strings.HasPrefix(). However, inserting ASCII tab (0x09), newline (0x0A), or carriage return (0x0D) characters inside the javascript: string bypasses this prefix check. Browsers strip these characters per the WHATWG URL specification before parsing the URL scheme, so the JavaScript still executes. This allows an attacker to inject executable JavaScript into the unauthenticated /api/icon/getDynamicIcon endpoint, creating a reflected XSS. This is a second bypass of the fix for CVE-2026-29183 (fixed in v3.5.9). This vulnerability is fixed in 3.5.10.
  Title: SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
  Weaknesses: CWE-79
  References: none listed on this page
  Metrics: cvssV4_0 {'score': 6.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-11T16:00:20.423Z

Reserved: 2026-03-09T16:33:42.913Z

Link: CVE-2026-31809

Vulnrichment

Updated: 2026-03-11T15:26:13.687Z

NVD

Status : Analyzed

Published: 2026-03-10T21:16:50.337

Modified: 2026-03-11T20:16:05.967

Link: CVE-2026-31809

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T11:45:06Z

Weaknesses