Mallory · Severity: Medium · Public exploit

Stored XSS to RCE in SiYuan README rendering

Identifiers: CVE-2026-33066; CWE-79 (Improper Neutralization of Input…)

CVE-2026-33066 affects SiYuan, a personal knowledge management system. In SiYuan 3.6.0 and earlier, the backend renderREADME function renders Markdown using lute.New() without enabling sanitization via SetSanitize(true). As a result, raw HTML embedded in a package README is preserved in the rendered output. The frontend subsequently inserts that rendered HTML into the DOM via innerHTML without additional sanitization. This creates a stored cross-site scripting condition in package detail views: a malicious package author can place arbitrary HTML/JavaScript in a README, and the payload executes when a user views the package details. In the Electron desktop client, the impact is amplified because the renderer is configured with nodeIntegration enabled and contextIsolation disabled, allowing injected JavaScript to access Node.js APIs and escalate from XSS to operating-system-level remote code execution. The issue was patched in SiYuan 3.6.1.

Impact, mitigation & remediation

Impact


Successful exploitation allows execution of arbitrary JavaScript in the victim's SiYuan renderer process when the malicious package README is viewed. In the Electron desktop client, because nodeIntegration is enabled and contextIsolation is disabled, the XSS can be escalated to full remote code execution through Node.js APIs. This can enable arbitrary command execution, theft of notes and other local data, filesystem access, credential theft, and broader compromise of the user's workstation within the privileges of the SiYuan process.

Mitigation


Until patching is completed, avoid viewing package details from untrusted or unaudited package sources, especially READMEs that may contain attacker-controlled Markdown or HTML. Restrict or disable installation and browsing of third-party packages from untrusted authors. If operationally feasible, harden the Electron runtime by setting nodeIntegration to false and contextIsolation to true to reduce the blast radius of renderer XSS. Additional defensive measures include sanitizing rendered Markdown output before DOM insertion and enforcing stricter content handling for package metadata.

Remediation


Upgrade SiYuan to version 3.6.1 or later, where the issue is patched. The vulnerable Markdown rendering path should sanitize HTML by enabling sanitization in the backend renderer, and frontend code should avoid assigning untrusted rendered content directly to innerHTML unless it has been robustly sanitized. Electron applications should also be hardened by disabling nodeIntegration and enabling contextIsolation wherever possible to prevent XSS from becoming native code execution.
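
The Electron hardening called for in the Mitigation and Remediation sections, as an added example that is not SiYuan's code: it audits a BrowserWindow webPreferences object for the two settings this advisory names (plus sandbox, an assumed extra check) and returns a hardened copy. The vulnerable sample object is constructed here to mirror the configuration described above; it runs in plain Node because webPreferences is an ordinary object.

```javascript
// Added example (not SiYuan's code): audit an Electron BrowserWindow
// webPreferences object and produce a hardened copy. Plain Node, no
// Electron import is needed because webPreferences is just an object.

// Hardened value for each setting and the reason it matters. "sandbox"
// is an assumed extra check beyond the two settings the advisory names.
const REQUIRED = {
  nodeIntegration:  { want: false, why: "renderer JS must not reach Node.js APIs" },
  contextIsolation: { want: true,  why: "keep page scripts away from preload/Node globals" },
  sandbox:          { want: true,  why: "run the renderer inside the OS sandbox" },
};

// One finding per setting whose value is not the hardened one. An absent
// key is reported as "unset": Electron's defaults vary by version, so only
// an explicit value is an auditable state.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, rule] of Object.entries(REQUIRED)) {
    const actual = prefs[key];
    if (actual === rule.want) continue;
    findings.push({
      setting: key,
      actual: actual === undefined ? "unset" : actual,
      expected: rule.want,
      reason: rule.why,
    });
  }
  return findings;
}

// Copy of the input with the audited settings forced to hardened values;
// everything else (preload path, etc.) is preserved and the input is not
// mutated.
function hardenWebPreferences(prefs = {}) {
  const hardened = { ...prefs };
  for (const [key, rule] of Object.entries(REQUIRED)) hardened[key] = rule.want;
  return hardened;
}

// Constructed sample mirroring the vulnerable desktop-client configuration
// described in this advisory: renderer XSS can reach Node.js directly.
const vulnerableDesktopPrefs = {
  nodeIntegration: true,
  contextIsolation: false,
  preload: "preload.js",
};

// Example run: three findings for the sample, none after hardening.
console.log(auditWebPreferences(vulnerableDesktopPrefs));
console.log(auditWebPreferences(hardenWebPreferences(vulnerableDesktopPrefs)));
```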

Exploits

No public exploit code observed for this vulnerability.

Affected products & vendors

Vendor: B3log; Product: Siyuan; Type: application

Recent activity

4 sources tracked across advisories and community write-ups. No news coverage yet; advisories and community discussion only.
