{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33066", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T19:27:06.343Z", "datePublished": "2026-03-20T08:11:52.675Z", "dateUpdated": "2026-03-20T08:11:52.675Z"}, "containers": {"cna": {"title": "SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v"}, {"name": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428", "tags": ["x_refsource_MISC"], "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T08:11:52.675Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any additional sanitization. A malicious package author can embed arbitrary JavaScript in their README that executes when a user clicks to view the package details. Because SiYuan's Electron configuration enables nodeIntegration: true with contextIsolation: false, this XSS escalates directly to full Remote Code Execution. The issue was patched in version 3.6.1."}], "source": {"advisory": "GHSA-4663-4mpg-879v", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any additional sanitization. A malicious package author can embed arbitrary JavaScript in their README that executes when a user clicks to view the package details. Because SiYuan's Electron configuration enables nodeIntegration: true with contextIsolation: false, this XSS escalates directly to full Remote Code Execution. The issue was patched in version 3.6.1."}], "id": "CVE-2026-33066", "lastModified": "2026-03-20T13:37:50.737", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T09:16:14.697", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"}, {"source": "security-advisories@github.com", "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.1)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-20T09:23:29.976577+00:00", "value": {"mitigation_remediation": ["Upgrade SiYuan to version\u202f3.6.1 or later, which removes the unsanitized renderer configuration.", "If an upgrade cannot be performed, avoid installing or opening packages from untrusted sources.", "Review the Electron security settings in your deployment and, if possible, disable nodeIntegration or enable contextIsolation to reduce the impact of any remaining XSS."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected software is Siyuan (personal knowledge management system) from the vendor siyuan\u2011note. The flaw exists in all releases up through version\u202f3.6.0 and is fixed in version\u202f3.6.1. Users running 3.6.0 or older are susceptible when installing or opening packages that contain custom README files. The product and vendor are identified by the CPE string for siyuan-note:siyuan.", "description_and_impact": "SiYuan, a personal knowledge management application, contains a stored cross\u2011site scripting flaw in its Bazaar package README rendering. The backend renders Markdown with lute.New() but never enables sanitization, and the frontend then injects the raw output into the DOM via innerHTML. A malicious package author can embed arbitrary JavaScript into the README; when a user opens the package details, the script runs. Because SiYuan is built with Electron and runs with nodeIntegration\u202f=\u202ftrue and contextIsolation\u202f=\u202ffalse, this XSS escalates directly into full Remote Code Execution, allowing an attacker to run any code on the victim\u2019s machine. This vulnerability corresponds to CWE\u201179 (Improper Neutralization of Input During Web Page Generation).", "risk_and_exploitability": "The CVSS v3 base score is 5.3, indicating a moderate severity vulnerability. No EPSS score is published, and the flaw is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious package that contains a crafted README; the attack vector is likely local or \u201cfreestanding\u201d due to the need for the user to trigger the rendering, but once triggered the compromise is full-system and uncontrolled. Theoretical exploitation is straightforward for package authors, but depends on user behaviour; therefore, the practical risk is moderate to high for users who install unknown packages."}}}}, "created": "2026-03-20T10:36:39.902651+00:00", "updated": "2026-03-20T16:30:42.784549+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}