Critical RCE in SiYuan PKM: XSS to Arbitrary Code Execution
The National Vulnerability Database (NVD) has disclosed a critical vulnerability, CVE-2026-40322, affecting SiYuan, an open-source personal knowledge management system. This isn’t just another XSS: it is a stored XSS that escalates to arbitrary code execution on desktop builds, with a CVSS score of 9.0. This is the kind of flaw that keeps CISOs up at night.
The core issue, as detailed by NVD, lies in how SiYuan versions 3.6.3 and below handle Mermaid diagrams. The application renders them with Mermaid’s securityLevel set to ‘loose’, then injects the resulting SVG directly into the DOM via innerHTML. With no sanitization step in between, javascript: URLs embedded in a Mermaid code block survive into the rendered output. An attacker doesn’t need to be sophisticated; they just need to craft a malicious Mermaid block.
But here’s where it gets truly dangerous: on Electron-based desktop builds, SiYuan enables nodeIntegration and disables contextIsolation. Both are well-known Electron hardening failures, and together they let any JavaScript running in the page reach Node.js APIs. When a victim opens a note containing the malicious Mermaid block and then clicks the rendered diagram, the stored XSS payload isn’t just executing in a browser context. It’s executing with Node.js privileges, effectively turning a simple click into arbitrary code execution on the user’s machine.
Think about the attacker’s calculus here. This isn’t a drive-by exploit. It requires user interaction (a click), but the payload is stored within the victim’s own knowledge base. An attacker could embed this in a shared note, a template, or even compromise a SiYuan instance to inject it. Once inside, the impact is total compromise of the client system. Data exfiltration, ransomware, persistent backdoors – it’s all on the table.
For defenders, this highlights a critical blind spot: the security of internal tools and personal productivity applications. Many organizations overlook these, assuming their threat surface is external. This vulnerability demonstrates that internal client-side applications, especially those built with frameworks like Electron, can introduce significant risk if not secured properly. The combination of insecure rendering and Electron misconfiguration is a potent cocktail for RCE. Organizations need to treat all applications, open-source or commercial, with the same rigorous security scrutiny.
What This Means For You
- If your organization uses SiYuan, check your versions immediately. **Patch to version 3.6.4 or higher to mitigate CVE-2026-40322.** For Electron-based desktop deployments, this is a critical remote code execution vector that could compromise user workstations. Audit your SiYuan notes for any suspicious Mermaid diagrams and ensure all users are on the latest patched version.
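As an added example (not SiYuan’s code), two defender-side helpers that follow from the mechanism described above and from the advice to audit existing notes: a scanner that flags javascript: URLs inside Mermaid code blocks, and a minimal SVG sanitizer of the kind that should sit between Mermaid’s output and innerHTML. The regexes are a simplified stand-in for a real sanitizer such as DOMPurify, and the sample note with its inert javascript:void(0) URL is constructed; the actual fix remains upgrading to 3.6.4 or later.

```javascript
// Added example, not SiYuan's code: audit notes for Mermaid blocks that carry
// javascript: URLs, and sanitize rendered SVG before it reaches innerHTML.
// \x60 is a backtick, spelled out so the pattern survives Markdown fences.
const MERMAID_FENCE = /\x60\x60\x60mermaid[ \t]*\n([\s\S]*?)\x60\x60\x60/gi;
// Scheme test tolerant of case, embedded whitespace and control characters,
// all of which browsers ignore when parsing the scheme.
const JS_SCHEME = /^\s*j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i;

function isJavascriptUrl(url) {
  return JS_SCHEME.test(url.replace(/[\u0000-\u001f]/g, ""));
}

// Every quoted javascript: URL inside a note's mermaid blocks, with its
// 1-based line number, for triage of notes already in the knowledge base.
function auditNote(markdown) {
  const findings = [];
  for (const m of markdown.matchAll(MERMAID_FENCE)) {
    const block = m[1];
    const fenceLine = markdown.slice(0, m.index).split("\n").length;
    for (const q of block.matchAll(/"([^"]*)"/g)) {
      if (isJavascriptUrl(q[1])) {
        const line = fenceLine + block.slice(0, q.index).split("\n").length;
        findings.push({ line, url: q[1] });
      }
    }
  }
  return findings;
}

// Defence in depth for rendered SVG: drop <script>, inline event handlers and
// javascript: hrefs (href and xlink:href) before the markup hits the DOM.
function sanitizeSvg(svg) {
  return svg
    .replace(/<script\b[\s\S]*?<\/script\s*>/gi, "")
    .replace(/\s+on\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "")
    .replace(/(\s(?:xlink:)?href\s*=\s*)("[^"]*"|'[^']*')/gi,
      (_, attr, quoted) => (isJavascriptUrl(quoted.slice(1, -1)) ? "" : attr + quoted));
}

// Constructed sample: inert javascript:void(0) stands in for a malicious URL.
const SAMPLE_NOTE = [
  "# Meeting notes", "",
  "\x60\x60\x60mermaid",
  "graph TD",
  "  A[Start] --> B[End]",
  '  click A href "javascript:void(0)" "Open"',
  '  click B "https://example.com/docs"',
  "\x60\x60\x60",
].join("\n");
console.log(auditNote(SAMPLE_NOTE)); // [{ line: 6, url: 'javascript:void(0)' }]
```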
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-40322 | XSS | SiYuan versions 3.6.3 and below |
| CVE-2026-40322 | RCE | SiYuan desktop builds (Electron) versions 3.6.3 and below with nodeIntegration enabled and contextIsolation disabled |
| CVE-2026-40322 | XSS | Mermaid diagrams rendered with securityLevel 'loose' allowing javascript: URLs |