Unrated severityNVD Advisory· Published Jun 24, 2026

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

CVE-2026-50551

Description

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Siyuan Note/Siyuanllm-fuzzy
Range: <3.7.0

Patches

Vulnerability mechanics

References

github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000