Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. The unauthenticated /api/icon/getDynamicIcon endpoint serves user-controlled input (via the content parameter) directly into SVG markup using fmt.Sprintf with no escaping, served as Content-Type: image/svg+xml. This creates a click-through XSS: a victim navigates to a crafted URL, sees an SVG with an injected link, and clicking it triggers JavaScript via the bypassed MIME types. The attack requires direct navigation to the endpoint or <object>/<embed> embedding, since <img> tag rendering in the frontend doesn't allow interactive links. This issue has been fixed in version 3.6.1.
Published: 2026-03-20
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Client‑side XSS enabling arbitrary JavaScript execution
Action: Immediate Patch
AI Analysis

Impact

SiYuan’s SanitizeSVG function contains an incomplete blocklist that rejects data:text/html and data:image/svg+xml but permits data:text/xml and data:application/xml. When the /api/icon/getDynamicIcon endpoint receives user‑controlled content via the content parameter, it injects that value directly into SVG markup using fmt.Sprintf without escaping and serves it with a Content‑Type of image/svg+xml. This allows an attacker to craft an SVG that contains a link with a data:text/xml MIME type; clicking the link triggers JavaScript execution and results in a click‑through cross‑site scripting (XSS) vulnerability. The weakness is a classic reflected client‑side XSS, classified under CWE‑79.
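As an added illustration (not SiYuan's own code), the Go sketch below contrasts a blocklist-style href check modelled on the incomplete approach described above with an allowlist check that rejects every data: URI, and shows the XML escaping that the fmt.Sprintf interpolation omitted. The function names and sample inputs are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// Blocklist-style check modelled on the incomplete approach the advisory
// describes: two data: MIME types are rejected, every other one passes.
// Hypothetical reconstruction for illustration, not SiYuan's code.
func hrefAllowedByBlocklist(href string) bool {
	h := strings.ToLower(strings.TrimSpace(href))
	for _, bad := range []string{"data:text/html", "data:image/svg+xml"} {
		if strings.HasPrefix(h, bad) {
			return false
		}
	}
	return true
}

// Allowlist-style check: only relative paths, "#fragment" and absolute http(s)
// URLs pass, so data:text/xml, data:application/xml and any future scheme fail.
func hrefAllowedByAllowlist(href string) bool {
	u, err := url.Parse(strings.TrimSpace(href))
	if err != nil {
		return false // control characters or a malformed reference
	}
	switch strings.ToLower(u.Scheme) {
	case "":
		return u.Host == "" // relative path or "#fragment", not "//host/path"
	case "http", "https":
		return u.Host != ""
	default:
		return false // data:, javascript:, file: and everything else
	}
}

// renderIconText inserts a user value into SVG markup as escaped XML text,
// the step the advisory says fmt.Sprintf alone skipped (hypothetical helper).
func renderIconText(content string) string {
	return fmt.Sprintf(`<text x="0" y="16">%s</text>`, html.EscapeString(content))
}

func main() {
	h := "data:text/xml,example" // constructed sample, passes the blocklist only
	fmt.Println(hrefAllowedByBlocklist(h), hrefAllowedByAllowlist(h), renderIconText(`<a href="x">`))
}
```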

Affected Systems

The affected product is SiYuan, a personal knowledge‑management system developed by Siyuan‑Note. All versions 3.6.0 and earlier are vulnerable to the bypass; the issue was addressed in release 3.6.1, and later versions are considered fixed.

Risk and Exploitability

The vulnerability has a CVSS base score of 9.3, indicating high severity. EPSS scores below 1% suggest a low probability of widespread exploitation. The issue is not listed in the CISA KEV catalog. Exploitation requires no authentication; a malicious link can be sent to a victim or embedded in a page via <object> or <embed> tags. Successful exploitation can lead to data theft, session hijacking, or other client‑side malicious behaviors.

Generated by OpenCVE AI on March 23, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SiYuan to version 3.6.1 or later, which removes the incomplete blocklist and properly sanitizes SVG href attributes.



Advisories

Source: GitHub GHSA
ID: GHSA-4mx9-3c2h-hwhg
Title: SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)
History

Each entry lists the values added at that time; no entry records removed values.

Mon, 23 Mar 2026 18:30:00 +0000

  • First Time appeared: added B3log, B3log siyuan
  • CPEs: added cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*
  • Vendors & Products: added B3log, B3log siyuan

Fri, 20 Mar 2026 20:15:00 +0000

  • Metrics: added ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

  • First Time appeared: added Siyuan, Siyuan siyuan
  • Vendors & Products: added Siyuan, Siyuan siyuan

Fri, 20 Mar 2026 04:15:00 +0000

  • Description: added "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. The unauthenticated /api/icon/getDynamicIcon endpoint serves user-controlled input (via the content parameter) directly into SVG markup using fmt.Sprintf with no escaping, served as Content-Type: image/svg+xml. This creates a click-through XSS: a victim navigates to a crafted URL, sees an SVG with an injected link, and clicking it triggers JavaScript via the bypassed MIME types. The attack requires direct navigation to the endpoint or <object>/<embed> embedding, since <img> tag rendering in the frontend doesn't allow interactive links. This issue has been fixed in version 3.6.1."
  • Title: added "SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)"
  • Weaknesses: added CWE-184, CWE-79
  • References: (no values listed)
  • Metrics: added cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T19:53:35.414Z

Reserved: 2026-03-17T00:05:53.283Z

Link: CVE-2026-32940

Vulnrichment

Updated: 2026-03-20T19:53:20.137Z

NVD

Status : Analyzed

Published: 2026-03-20T04:16:49.367

Modified: 2026-03-23T18:22:49.847

Link: CVE-2026-32940

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:09:28Z

Weaknesses