CVE-2026-33066 is a medium-severity vulnerability affecting SiYuan, a personal knowledge management system, specifically versions prior to 3.6.1. The root cause lies in the backend renderREADME function, which uses the lute.New() Markdown renderer without enabling the SetSanitize(true) option. This omission allows raw HTML embedded within Markdown content to pass through unfiltered. The frontend then assigns this rendered HTML directly to the DOM via innerHTML without any additional sanitization or escaping. A malicious package author can exploit this by embedding arbitrary JavaScript code inside their README file. When a user clicks to view the package details, the malicious script executes in the context of the Electron application. Critically, SiYuan’s Electron environment is configured with nodeIntegration set to true and contextIsolation set to false, which means the JavaScript code runs with full Node.js privileges. This configuration allows the XSS attack to escalate to full remote code execution on the victim’s machine, enabling an attacker to execute arbitrary commands, access local files, or install malware. The vulnerability was publicly disclosed on March 20, 2026, and patched in version 3.6.1. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and low scope impact, resulting in a base score of 5.3. No known exploits have been reported in the wild to date.

The primary impact of this vulnerability is the potential for remote code execution on affected systems, which can lead to complete compromise of the host machine running SiYuan. Attackers can execute arbitrary commands, steal sensitive data, install persistent malware, or move laterally within an organization’s network. Because SiYuan is a personal knowledge management system, it may contain sensitive intellectual property, personal data, or business-critical information, increasing the risk of data breaches. The vulnerability is exploitable remotely without user interaction, making it a significant risk especially in environments where users frequently install or view third-party packages or notes. Organizations using affected versions in enterprise or collaborative settings face risks of insider threats or supply chain attacks via malicious package authors. The Electron configuration exacerbates the impact by allowing escalation from XSS to full system compromise. Although no active exploits are reported, the ease of exploitation and severity of impact warrant urgent remediation.

Organizations and users should immediately upgrade SiYuan to version 3.6.1 or later, where the vulnerability is patched by enabling HTML sanitization in the Markdown renderer. Until upgrading, users should avoid opening or viewing README files from untrusted or unknown package authors. Electron application configurations should be hardened by disabling nodeIntegration and enabling contextIsolation to reduce the risk of XSS leading to RCE. Implementing Content Security Policy (CSP) within the Electron app can further mitigate script injection risks. Regularly audit and monitor package sources for suspicious content. Employ endpoint protection solutions capable of detecting anomalous script execution or unauthorized command execution. Educate users about the risks of opening untrusted content within the application. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential compromises.