{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33066", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T19:27:06.343Z", "datePublished": "2026-03-20T08:11:52.675Z", "dateUpdated": "2026-03-20T21:23:07.778Z"}, "containers": {"cna": {"title": "SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v"}, {"name": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428", "tags": ["x_refsource_MISC"], "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T08:11:52.675Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any additional sanitization. A malicious package author can embed arbitrary JavaScript in their README that executes when a user clicks to view the package details. Because SiYuan's Electron configuration enables nodeIntegration: true with contextIsolation: false, this XSS escalates directly to full Remote Code Execution. The issue was patched in version 3.6.1."}], "source": {"advisory": "GHSA-4663-4mpg-879v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T21:22:54.684811Z", "id": "CVE-2026-33066", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:23:07.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33066", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T21:22:54.684811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:23:02.521Z"}}], "cna": {"title": "SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering", "source": {"advisory": "GHSA-4663-4mpg-879v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"status": "affected", "version": "< 3.6.1"}]}], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v", "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428", "name": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any additional sanitization. A malicious package author can embed arbitrary JavaScript in their README that executes when a user clicks to view the package details. Because SiYuan's Electron configuration enables nodeIntegration: true with contextIsolation: false, this XSS escalates directly to full Remote Code Execution. The issue was patched in version 3.6.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T08:11:52.675Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33066", "state": "PUBLISHED", "dateUpdated": "2026-03-20T21:23:07.778Z", "dateReserved": "2026-03-17T19:27:06.343Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T08:11:52.675Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1AA6470-222A-4841-A487-DF65F9859780", "versionEndExcluding": "3.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New() without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any additional sanitization. A malicious package author can embed arbitrary JavaScript in their README that executes when a user clicks to view the package details. Because SiYuan's Electron configuration enables nodeIntegration: true with contextIsolation: false, this XSS escalates directly to full Remote Code Execution. The issue was patched in version 3.6.1."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. En las versiones 3.6.0 e inferiores, la funci\u00f3n renderREADME del backend utiliza lute.New() sin llamar a SetSanitize(true), lo que permite que el HTML sin procesar incrustado en Markdown pase sin modificar. El frontend luego asigna el HTML renderizado a innerHTML sin ninguna sanitizaci\u00f3n adicional. Un autor de paquete malicioso puede incrustar JavaScript arbitrario en su README que se ejecuta cuando un usuario hace clic para ver los detalles del paquete. Debido a que la configuraci\u00f3n de Electron de SiYuan habilita nodeIntegration: true con contextIsolation: false, este XSS escala directamente a la ejecuci\u00f3n remota de c\u00f3digo completa. El problema fue parcheado en la versi\u00f3n 3.6.1."}], "id": "CVE-2026-33066", "lastModified": "2026-03-23T15:31:10.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T09:16:14.697", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.1)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-20T09:23:29.976577+00:00", "value": {"mitigation_remediation": ["Upgrade SiYuan to version\u202f3.6.1 or later, which removes the unsanitized renderer configuration.", "If an upgrade cannot be performed, avoid installing or opening packages from untrusted sources.", "Review the Electron security settings in your deployment and, if possible, disable nodeIntegration or enable contextIsolation to reduce the impact of any remaining XSS."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected software is Siyuan (personal knowledge management system) from the vendor siyuan\u2011note. The flaw exists in all releases up through version\u202f3.6.0 and is fixed in version\u202f3.6.1. Users running 3.6.0 or older are susceptible when installing or opening packages that contain custom README files. The product and vendor are identified by the CPE string for siyuan-note:siyuan.", "description_and_impact": "SiYuan, a personal knowledge management application, contains a stored cross\u2011site scripting flaw in its Bazaar package README rendering. The backend renders Markdown with lute.New() but never enables sanitization, and the frontend then injects the raw output into the DOM via innerHTML. A malicious package author can embed arbitrary JavaScript into the README; when a user opens the package details, the script runs. Because SiYuan is built with Electron and runs with nodeIntegration\u202f=\u202ftrue and contextIsolation\u202f=\u202ffalse, this XSS escalates directly into full Remote Code Execution, allowing an attacker to run any code on the victim\u2019s machine. This vulnerability corresponds to CWE\u201179 (Improper Neutralization of Input During Web Page Generation).", "risk_and_exploitability": "The CVSS v3 base score is 5.3, indicating a moderate severity vulnerability. No EPSS score is published, and the flaw is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious package that contains a crafted README; the attack vector is likely local or \u201cfreestanding\u201d due to the need for the user to trigger the rendering, but once triggered the compromise is full-system and uncontrolled. Theoretical exploitation is straightforward for package authors, but depends on user behaviour; therefore, the practical risk is moderate to high for users who install unknown packages."}}}}, "created": "2026-03-20T10:36:39.902651+00:00", "updated": "2026-03-20T16:30:42.784549+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}