CVE-2026-33067 is a vulnerability classified as CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e., Cross-site Scripting) affecting SiYuan, a personal knowledge management system. Versions 3.6.0 and earlier improperly render package metadata fields such as displayName and description using JavaScript template literals without HTML escaping. This flaw allows a malicious package author to inject arbitrary HTML and JavaScript code into these fields. When any user navigates to the Bazaar page within SiYuan, the injected script executes automatically. Critically, SiYuan is built on Electron with nodeIntegration set to true and contextIsolation set to false, which means the injected script can access Node.js APIs and escalate the XSS to full remote code execution (RCE) on the victim's operating system. This RCE occurs without any user interaction beyond opening the marketplace tab, making exploitation straightforward once a malicious package is published. The vulnerability was publicly disclosed on March 20, 2026, and fixed in version 3.6.1. The CVSS 4.0 base score is 5.3, indicating medium severity, with an attack vector of network, low complexity, no privileges required (though the vector indicates PR:L, meaning some privileges are needed), no user interaction, and limited scope impact. No known exploits in the wild have been reported to date.

The impact of this vulnerability is significant for organizations and individuals using SiYuan versions prior to 3.6.1. Because the vulnerability allows remote code execution on the victim's machine without user interaction, attackers can fully compromise affected systems. This includes the ability to execute arbitrary commands, install malware, exfiltrate data, or pivot within internal networks. The attack surface includes any user who accesses the Bazaar page, making it easy for attackers to target multiple users by publishing malicious packages. The compromise of personal knowledge management systems can lead to leakage of sensitive intellectual property, personal data, or credentials stored within or accessible from the application. Given the Electron environment, the attacker gains OS-level access, which can severely impact confidentiality, integrity, and availability of affected systems. Although no exploits are known in the wild yet, the ease of exploitation and severity of impact make this a critical risk for affected users.

To mitigate this vulnerability, organizations and users should immediately upgrade SiYuan to version 3.6.1 or later, where the issue is fixed by proper HTML escaping of package metadata fields. Until upgrading, users should avoid browsing or installing packages from untrusted or unknown sources in the Bazaar marketplace. Administrators can consider disabling or restricting access to the Bazaar page to reduce exposure. Additionally, running SiYuan in a hardened Electron environment by disabling nodeIntegration and enabling contextIsolation can prevent escalation of XSS to RCE. Employing endpoint protection solutions that detect anomalous script execution or suspicious process behavior may help detect exploitation attempts. Regularly monitoring for updates and advisories from the SiYuan project is essential. Finally, educating users about the risks of installing unverified packages can reduce the likelihood of successful attacks.