A malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-Control-Allow-Private-Network: true) to inject a JavaScript snippet via the API. The injected snippet executes in Electron's Node.js context with full OS access the next time the user opens SiYuan's UI. No user interaction is required beyond visiting the malicious website while SiYuan is running.
Vulnerable files:
- kernel/server/serve.go, lines 960-963 — CORS middleware
- kernel/api/snippet.go, lines 93-128 — snippet injection endpoint

Root cause: The CORS middleware unconditionally sets:
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Private-Network: true
The Access-Control-Allow-Private-Network: true header explicitly opts into Chrome's Private Network Access specification, telling the browser that external websites are permitted to access this localhost service. Combined with Access-Control-Allow-Origin: *, any website on the internet can make authenticated cross-origin requests to the SiYuan API at 127.0.0.1:6806.
The auth middleware at kernel/model/session.go:251-280 checks the Origin header, but this check is bypassed because the browser sends the session cookie (set on 127.0.0.1) along with the cross-origin request, and the server validates the cookie before reaching the Origin check for unauthenticated sessions.
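The following Go program is an added example, not SiYuan's own code, that places the weak CORS setting described above beside a hardened middleware. It assumes a hypothetical origin allowlist (the desktop UI's own loopback origins) and a stand-in handler for a state-changing endpoint; the probe builds a constructed cross-origin POST in memory, so nothing touches the network. The point a practitioner should take from it: CORS response headers only decide whether the browser may read the response, so a cross-origin POST still reaches the handler unless the server validates the Origin header itself before the handler runs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedOrigins is a hypothetical allowlist (not SiYuan's own code): only the
// desktop UI's own origins may make credentialed cross-origin API calls.
var allowedOrigins = map[string]bool{
	"http://127.0.0.1:6806": true,
	"http://localhost:6806": true,
}

// permissiveCORS reproduces the weak setting described above: every origin is
// granted access, with credentials and private-network access, and the handler
// runs regardless of who sent the request.
func permissiveCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Access-Control-Allow-Origin", "*")
		h.Set("Access-Control-Allow-Credentials", "true")
		h.Set("Access-Control-Allow-Private-Network", "true")
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// strictCORS is the hardened form: the Origin header is validated on the
// server side, so an untrusted origin gets no CORS grant and never reaches
// the handler. Only the exact allowlisted origin is echoed back, never "*".
func strictCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin == "" {
			// No Origin header: same-origin navigation or a non-browser client.
			next.ServeHTTP(w, r)
			return
		}
		if !allowedOrigins[origin] {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		h := w.Header()
		h.Set("Access-Control-Allow-Origin", origin)
		h.Set("Vary", "Origin")
		h.Set("Access-Control-Allow-Credentials", "true")
		if r.Method == http.MethodOptions {
			// Private-network access is granted only to an allowlisted origin,
			// and only when the preflight actually asks for it.
			if r.Header.Get("Access-Control-Request-Private-Network") == "true" {
				h.Set("Access-Control-Allow-Private-Network", "true")
			}
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// apiHandler stands in for a state-changing endpoint such as
// /api/snippet/setSnippet; it records whether it actually ran.
func apiHandler(ran *bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*ran = true
		w.WriteHeader(http.StatusOK)
	})
}

// Result is what one cross-origin POST produced under a given middleware.
type Result struct {
	Status      int
	AllowOrigin string
	HandlerRan  bool
}

// probe sends a constructed cross-origin POST (in-memory request and
// recorder, no network) through the middleware and reports the outcome.
func probe(mw func(http.Handler) http.Handler, origin string) Result {
	ran := false
	req := httptest.NewRequest(http.MethodPost, "http://127.0.0.1:6806/api/snippet/setSnippet", strings.NewReader("{}"))
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	mw(apiHandler(&ran)).ServeHTTP(rec, req)
	return Result{Status: rec.Code, AllowOrigin: rec.Header().Get("Access-Control-Allow-Origin"), HandlerRan: ran}
}

func main() {
	for _, origin := range []string{"https://evil-attacker.com", "http://127.0.0.1:6806"} {
		fmt.Printf("permissive Origin=%-26s -> %+v\n", origin, probe(permissiveCORS, origin))
		fmt.Printf("strict     Origin=%-26s -> %+v\n", origin, probe(strictCORS, origin))
	}
}
```

Under the permissive middleware the handler runs for the untrusted origin and the response even advertises `*`; under the strict middleware the same request is answered 403 with no CORS grant and the handler never executes, while the allowlisted loopback origin still works. A server-side Origin check of this kind is the mitigation that matters, since no browser-side header can undo a write that has already happened.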
Attack chain:
- https://evil-attacker.com while SiYuan desktop is running
- http://127.0.0.1:6806 — SiYuan responds with permissive CORS headers
- /api/snippet/setSnippet with the user's session cookie

3.6.2

CVSS v3.1 base score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Exploitability: AV:N, AC:L, PR:N, UI:R
Scope: S:C
Impact: C:H, I:H, A:H