SiYuan versions before 3.6.1 contain an XSS vulnerability in the Bazaar marketplace that allows remote code execution via malicious package metadata.
Description
SiYuan versions before 3.6.1 contain an XSS vulnerability in the Bazaar marketplace that allows remote code execution via malicious package metadata.
AI Analyst Comment
Remediation
Update SiYuan to the latest version (3.6.1 or later). Check the vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: SiYuan
PRODUCT: SiYuan
AFFECTED_VERSIONS: Before v3.6.1
---END_METADATA---
Executive Summary:
A critical vulnerability in the SiYuan Bazaar marketplace allows unauthenticated attackers to achieve remote code execution on user systems by injecting malicious payloads into package metadata.
Vulnerability Details
CVE-ID: CVE-2026-56397
Affected Software: SiYuan (vendor: SiYuan)
Affected Versions: Before v3.6.1
Vulnerability: This is a cross-site scripting (XSS) vulnerability residing in the package metadata processing logic. By embedding malicious payloads in package fields, an attacker can leverage Electron's nodeIntegration settings to escape the sandbox and execute arbitrary OS commands.
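The two mitigations the advisory points at, output encoding of package metadata and a renderer that cannot reach Node APIs, as an added illustration that is not SiYuan's code. It assumes a metadata object with string fields `name`, `author`, `description` and `url` fetched from a remote package index; the sample package is constructed.

```javascript
// Added example, not SiYuan's code: render untrusted marketplace package
// metadata without letting it become markup, and keep the Electron renderer
// settings that stop a missed escape from turning into OS command execution.
// Assumed shape: { name, author, description, url } as strings.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that can switch HTML context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only http(s) URLs; javascript: and data: schemes are rejected.
function safeHttpUrl(candidate) {
  try {
    const u = new URL(String(candidate));
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : null;
  } catch {
    return null;
  }
}

// Vulnerable pattern: field values are interpolated straight into markup,
// so any tag inside a metadata field is parsed and run by the app.
function renderPackageCardUnsafe(pkg) {
  return `<div class="pkg"><h3>${pkg.name}</h3><p>${pkg.author}</p>` +
         `<p>${pkg.description}</p><a href="${pkg.url}">source</a></div>`;
}

// Hardened pattern: every field is escaped and the link is dropped unless
// it is a plain http(s) URL.
function renderPackageCardSafe(pkg) {
  const url = safeHttpUrl(pkg.url);
  return `<div class="pkg"><h3>${escapeHtml(pkg.name)}</h3>` +
         `<p>${escapeHtml(pkg.author)}</p><p>${escapeHtml(pkg.description)}</p>` +
         (url ? `<a href="${escapeHtml(url)}">source</a>` : "") + `</div>`;
}

// Defence in depth: BrowserWindow webPreferences for a view showing remote
// content. With nodeIntegration off and contextIsolation on, script that
// does slip through has no path to Node's child_process.
const HARDENED_WEB_PREFERENCES = { nodeIntegration: false, contextIsolation: true, sandbox: true };
function isHardened(prefs) {
  return prefs.nodeIntegration === false && prefs.contextIsolation === true && prefs.sandbox === true;
}

// Constructed hostile sample (not a real package) for exercising both renderers.
const SAMPLE_PKG = {
  name: "theme-dark",
  author: "<script>evil()</script>",
  description: 'Dark theme "v2" & more',
  url: "javascript:evil()",
};
```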
Business Impact
With a CVSS score of 9.6, this vulnerability poses a severe risk to organizational security. Successful exploitation grants an attacker full control over the victim's local machine, potentially leading to data exfiltration, lateral movement within the network, and complete system compromise.
Remediation Plan
Immediate Action: Upgrade all SiYuan installations to version 3.6.1 or later to apply the required input sanitization patches.
Proactive Monitoring: Review application logs for unusual package metadata submissions or unexpected outbound network connections originating from the SiYuan application process.
Compensating Controls: If immediate patching is not possible, restrict network access to the Bazaar marketplace or implement strict egress filtering to prevent unauthorized command-and-control communication.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the ability to achieve remote code execution, this vulnerability represents a critical security risk. Organizations should prioritize the update to version 3.6.1 across all endpoints to eliminate the risk of arbitrary code execution via the Bazaar marketplace.