Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-50551

CVE-2026-50551

CRITICAL9.9

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

Published Jun 24, 2026

Modified Yesterday

Details

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2

https://www.cve.org/CVERecord?id=CVE-2026-50551

CVSS Analysis

CVSS v3.1

9.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.9/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

Injection

Cross-site Scripting (XSS)

Ecosystems

Timeline

PublishedJun 24, 2026

ModifiedJun 24, 2026

CVE-2026-50551 | Mondoo Vulnerability Intelligence