CVE-2026-50551

CVE-2026-50551 is a critical-severity cross-site scripting (XSS) vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions < 0.0.0-20260628153353-2d5d72223df4. It is fixed in 0.0.0-20260628153353-2d5d72223df4.

Check whether CVE-2026-50551 affects your applications

Kodem tells you whether this CVE is present, reachable, and actually executing in your application, so you know if it matters.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Runtime intelligence. Only the CVEs that actually run in production.

Summary

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

Full technical description

SiYuan v3.6.5 and earlier versions contain a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This is a neighbor-bug of CVE-2026-44588: the fix for -44588 used escapeAriaLabel() (double-escapes <), but the AV asset renderers were left using the weaker escapeAttr() (escapes only quotes) or no escaping at all.

Vulnerability Details

The Electron renderer is configured with nodeIntegration: true and contextIsolation: false (app/electron/main.js:307), allowing any JavaScript executing in the renderer to directly access Node.js APIs including require('child_process').

Two XSS sinks exist.

Sink 1 (Direct Stored XSS - triggers on page load)

app/src/protyle/render/av/cell.ts:1008:

  text += `<span class="b3-chip av__celltext--url ariaLabel" aria-label="${escapeAttr(item.content)}" data-name="${escapeAttr(item.name)}"

data-url="${escapeAttr(item.content)}">${item.name || item.content}`;

The >${item.name || item.content}</span> portion is raw user input with zero escaping.

app/src/protyle/render/av/blockAttr.ts:93 (even worse - completely unescaped):

  html += `<img loading="lazy" class="av__cellassetimg ariaLabel" aria-label="${item.content}" src="${getCompressURL(item.content)}">`;

Rendered via action.ts:860: cellElement.innerHTML = renderCell(...) results in immediate XSS on page load.

Sink 2 (Hover-triggered XSS via aria-label round-trip)

  • Same lines emit aria-label="${escapeAttr(item.content)}" on .ariaLabel elements.
  • escapeAttr() (util/escape.ts:14) escapes only " and ', NOT < or >.
  • popover.ts:33 global mouseover handler reads aria-label via getAttribute (which attribute-decodes entities).
  • Line 144: showTooltip(decodeURIComponent(tip), ...) then tooltip.ts:41: messageElement.innerHTML = message results in XSS on hover.

Source

  • app/src/protyle/render/av/asset.ts:405: addAssetLink() reads user input from a free-form <textarea> with no sanitization.
  • Kernel stores MAsset.Content raw (kernel/av/value.go:53), no server-side sanitization.

Attack Vector

  1. Attacker creates a malicious note containing an Attribute View (database).
  2. Attacker adds an asset cell with link content: <img src=x onerror=require('child_process').exec('calc')>
  3. Victim opens the note for immediate RCE (Sink 1), or hovers over the cell for RCE (Sink 2).
  4. In a sync/collaboration scenario, the malicious note propagates to all users.

Proof of Concept

Payload (Direct XSS), in an AV asset cell link field, enter:

  <img src=x onerror=alert(document.domain)>

For RCE in Electron desktop:

  <img src=x onerror=require('child_process').exec('calc')>

Steps to Reproduce

  1. Open SiYuan desktop app (v3.6.5).
  2. Create a new document.
  3. Insert an Attribute View (database): / then select "Table".
  4. Add a column of type "Asset".
  5. Click the asset cell, then "Add Link".
  6. In the "Link" textarea, paste: <img src=x onerror=alert(1)>
  7. Leave "Title" empty or fill with benign text.
  8. Click outside the dialog to save.
  9. Observe: Alert fires immediately (Sink 1). Hovering over the cell also triggers (Sink 2).

Impact

  • Remote Code Execution on victim's system via malicious note sync/import.
  • Data exfiltration: attacker can read all notes, access filesystem, steal credentials.
  • Persistence: malicious payload stored in .sy files, executes on every open.

Suggested Fix

  1. Replace escapeAttr() with escapeAriaLabel() for all aria-label attributes in AV cell renderers.
  2. Escape item.name and item.content with escapeHtml() before concatenating into element text content.

Affected files: app/src/protyle/render/av/cell.ts, app/src/protyle/render/av/blockAttr.ts, app/src/protyle/render/av/asset.ts.

Additional Context

This vulnerability is a neighbor-bug of CVE-2026-44588. The fix for -44588 correctly used escapeAriaLabel() (which double-escapes < to survive the attribute -> getAttribute -> innerHTML round-trip), but the AV asset cell renderers were left using the weaker escapeAttr() or no escaping. This is part of a pattern of incomplete fixes in SiYuan (see also CVE-2026-33066, CVE-2026-29183). The long-term fix should set ElectroncontextIsolation: true and nodeIntegration: false.

Report

Reporter (GitHub: Yunkaiwjs).

Impact

Untrusted input is rendered as active markup in a victim's browser, which can run script in their session. Typical impact: session or credential theft, and actions taken as the user.

CVE-2026-50551 has a CVSS score of 9.9 (Critical). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.0.0-20260628153353-2d5d72223df4); upgrading removes the vulnerable code path.

Affected versions

github.com/siyuan-note/siyuan/kernel (< 0.0.0-20260628153353-2d5d72223df4)

Security releases

github.com/siyuan-note/siyuan/kernel → 0.0.0-20260628153353-2d5d72223df4 (go)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.

Already deployed Kodem?

See it in your environmentNew to Kodem? Get a demo →

Remediation advice

Upgrade github.com/siyuan-note/siyuan/kernel to 0.0.0-20260628153353-2d5d72223df4 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-50551? CVE-2026-50551 is a critical-severity cross-site scripting (XSS) vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions < 0.0.0-20260628153353-2d5d72223df4. It is fixed in 0.0.0-20260628153353-2d5d72223df4. Untrusted input is rendered as active markup in a victim's browser, which can run script in their session.
  2. How severe is CVE-2026-50551? CVE-2026-50551 has a CVSS score of 9.9 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of github.com/siyuan-note/siyuan/kernel are affected by CVE-2026-50551? github.com/siyuan-note/siyuan/kernel (go) versions < 0.0.0-20260628153353-2d5d72223df4 is affected.
  4. Is there a fix for CVE-2026-50551? Yes. CVE-2026-50551 is fixed in 0.0.0-20260628153353-2d5d72223df4. Upgrade to this version or later.
  5. Is CVE-2026-50551 exploitable, and should I be worried? Whether CVE-2026-50551 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
  6. What actually determines whether CVE-2026-50551 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-50551? Upgrade github.com/siyuan-note/siyuan/kernel to 0.0.0-20260628153353-2d5d72223df4 or later.

Other vulnerabilities in github.com/siyuan-note/siyuan/kernel

Stop the waste.
Protect your environment with Kodem.