CVE-2026-34585 is a stored cross-site scripting vulnerability in the SiYuan personal knowledge management system, specifically affecting versions before 3.6.2. The vulnerability stems from improper neutralization of input during web page generation (CWE-79), where crafted block attribute values containing a mix of HTML entities and raw special characters bypass server-side attribute escaping. An attacker can create a malicious IAL (Inline Attribute Language) value embedded within a .sy document, which is then packaged as a .sy.zip archive. When a victim imports this archive using the standard Import -> SiYuan .sy.zip workflow and opens the note, the malicious attribute breaks out of its intended HTML context and injects an event handler, resulting in stored XSS. In the Electron-based desktop client, this XSS escalates to remote code execution because the injected JavaScript executes with full access to Node.js and Electron APIs, enabling arbitrary code execution on the victim’s system. The vulnerability requires user interaction to import and open the malicious note but does not require any authentication or elevated privileges. The vulnerability has a CVSS v3.1 base score of 8.6, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. The issue was fixed in SiYuan version 3.6.2, and users are strongly advised to update to this version or later to prevent exploitation.

The vulnerability allows attackers to achieve remote code execution on the victim’s machine by exploiting a stored XSS flaw in the SiYuan desktop client. This can lead to full compromise of the affected system, including theft of sensitive data, installation of malware, lateral movement within networks, and persistent backdoors. Since SiYuan is used for personal knowledge management, attackers could also exfiltrate or manipulate confidential user notes and data. The requirement for user interaction (importing and opening a malicious note) somewhat limits the attack vector but does not eliminate risk, especially in environments where users frequently exchange or import .sy.zip files. The ability to execute arbitrary code with Node/Electron API access significantly elevates the threat, as it bypasses typical sandboxing protections found in web browsers. Organizations using SiYuan, particularly in sectors handling sensitive or proprietary information, face risks of data breaches, espionage, and operational disruption if this vulnerability is exploited.

1. Upgrade SiYuan to version 3.6.2 or later immediately to apply the official patch addressing this vulnerability. 2. Implement strict file import policies and educate users to avoid importing .sy.zip files from untrusted or unknown sources. 3. Employ endpoint protection solutions capable of detecting suspicious Electron app behaviors and script injections. 4. Use application whitelisting to restrict execution of unauthorized scripts or binaries spawned by SiYuan. 5. Monitor logs and network traffic for unusual activity originating from SiYuan processes, especially after note imports. 6. Consider sandboxing or running SiYuan in a restricted environment to limit the impact of potential exploitation. 7. Regularly audit and review user workflows involving SiYuan to identify and mitigate risky practices involving file imports. 8. If feasible, disable or restrict the Import feature temporarily until the patch is applied in high-risk environments.