{"uuid": "4f8f1fbc-7a90-450f-ab88-2e11262dac17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54158", "type": "seen", "source": "https://gist.github.com/alon710/c12d56fc3c8087be09be97f40fd8c89a", "content": "# CVE-2026-54158: CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan\n\n&gt; **CVSS Score:** 9.9\n&gt; **Published:** 2026-07-10\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54158\n\n## Summary\nA critical-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the SiYuan personal knowledge management system. Due to missing sanitization in the attribute-view cell renderer and an insecure Electron default configuration (nodeIntegration: true), attackers can execute arbitrary commands on the victim's host operating system through synchronized workspaces.\n\n## TL;DR\nMissing output escaping in SiYuan's database view renderer combined with insecure Electron configurations enables attackers to escalate Stored XSS into Remote Code Execution via shared workspaces.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79, CWE-1188\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.9 (Critical)\n- **Exploit Status**: Proof-of-Concept\n- **Access Required**: Low Privileges (PR:L)\n- **User Interaction**: None (UI:N)\n- **Impact**: Remote Code Execution (RCE)\n\n## Affected Systems\n\n- SiYuan Desktop Clients (Electron)\n- SiYuan Self-hosted Synced Workspaces\n- **SiYuan**: &lt; 3.7.0 (Fixed in: `3.7.0`)\n\n## Mitigation\n\n- Upgrade to SiYuan 3.7.0 or higher\n- Disable nodeIntegration in Electron client builds\n- Restrict workspace synchronization to trusted sources\n\n**Remediation Steps:**\n1. Download the latest installer for SiYuan version 3.7.0 or newer from the official repository.\n2. Install the update to replace the vulnerable frontend rendering components.\n3. Verify that any shared workspaces do not contain modified attribute-view databases with script injections.\n\n## References\n\n- [GitHub Security Advisory GHSA-5xfx-xj4h-5p7r](https://github.com/siyuan-note/siyuan/security/advisories/GHSA-5xfx-xj4h-5p7r)\n- [NVD Detail Page](https://nvd.nist.gov/vuln/detail/CVE-2026-54158)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54158) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T00:12:22.474252Z"}