CVE-2026-29183 is a critical reflected cross-site scripting vulnerability affecting the SiYuan personal knowledge management system before version 3.5.9. The vulnerability arises from improper neutralization of user input in the dynamic icon API endpoint GET /api/icon/getDynamicIcon when the query parameter type=8 is specified. This endpoint returns an image/svg+xml response that includes attacker-controlled content embedded directly into the SVG output without proper escaping or sanitization. Because the endpoint is unauthenticated and accessible publicly, an attacker can craft a malicious URL containing SVG/HTML event handlers (e.g., onerror) that execute arbitrary JavaScript when a user, particularly an authenticated user, opens the link. This JavaScript runs in the security context of the SiYuan web origin, allowing the attacker to chain this XSS to perform authenticated API requests on behalf of the victim and exfiltrate sensitive information stored within the SiYuan environment. The vulnerability exploits the SVG format's ability to embed executable scripts via event handlers, which is a common vector for XSS attacks in web applications that serve SVG content dynamically. The flaw is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and has a CVSS 3.1 base score of 9.3, reflecting its critical impact on confidentiality and integrity without requiring authentication but requiring user interaction (clicking the malicious link). The vendor addressed this vulnerability in version 3.5.9 by properly escaping or sanitizing the input embedded in the SVG output, preventing script injection. No public exploits have been reported yet, but the high severity and ease of exploitation make it a significant risk for users of affected versions.

The impact of CVE-2026-29183 is substantial for organizations using SiYuan as a knowledge management platform. Successful exploitation allows attackers to execute arbitrary JavaScript in the context of the victim's browser session, leading to theft of sensitive data, including personal notes, credentials, or other confidential information stored within SiYuan. Attackers can also perform actions on behalf of the authenticated user via the API, potentially modifying or deleting data, disrupting workflows, or planting persistent malicious content. Since the vulnerability is exploitable without authentication and only requires the victim to open a crafted URL, it poses a high risk of phishing or social engineering attacks. The confidentiality and integrity of organizational knowledge assets are at risk, which can lead to intellectual property theft, privacy violations, and operational disruption. Although availability is not directly impacted, the loss of trust and potential data leakage can have severe reputational and compliance consequences. Organizations with remote or distributed teams relying on SiYuan for collaboration are particularly vulnerable, as attackers can target users via email or messaging platforms. The lack of known exploits in the wild suggests a window of opportunity for defenders to patch and mitigate before widespread attacks occur.

To mitigate CVE-2026-29183, organizations should immediately upgrade all SiYuan deployments to version 3.5.9 or later, where the vulnerability is patched. If upgrading is not immediately feasible, implement network-level controls to restrict access to the vulnerable API endpoint, such as web application firewalls (WAFs) configured to detect and block suspicious SVG payloads or requests containing the type=8 parameter. Educate users about the risks of clicking untrusted links, especially those purporting to be related to SiYuan content. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. Regularly audit and monitor SiYuan logs for unusual API activity that could indicate exploitation attempts. Developers and administrators should review custom integrations or plugins that interact with the dynamic icon API to ensure they do not introduce similar injection flaws. Finally, maintain a robust patch management process to promptly apply security updates for all software components.