The vulnerability CVE-2026-34605 affects SiYuan versions 3.6.0 through 3.6.1 and is a cross-site scripting (XSS) flaw classified under CWE-79. SiYuan introduced a SanitizeSVG function in version 3.6.0 to mitigate XSS risks in the unauthenticated /api/icon/getDynamicIcon endpoint, which serves SVG images. However, this sanitization can be bypassed by crafting SVG elements with namespace-prefixed tags such as <x:script xmlns:x="http://www.w3.org/2000/svg">. The Go HTML5 parser used by SiYuan records the tag as "x:script" rather than "script", causing the sanitization logic to miss it and allow the malicious script through. When a victim opens the SVG directly in a browser, the XML parser resolves the namespace prefix to the SVG namespace, effectively executing the embedded script. The SVG is served with the Content-Type header set to image/svg+xml and lacks a Content Security Policy (CSP), which would otherwise restrict script execution. This vulnerability enables attackers to execute arbitrary JavaScript in the context of the victim’s browser, potentially leading to session hijacking, data theft, or further exploitation. The flaw does not require authentication or privileges but does require user interaction to open the malicious SVG. The issue was patched in version 3.6.2 by improving SVG sanitization. No known exploits are reported in the wild as of the publication date. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality and integrity, with limited availability impact.

This vulnerability can have significant impacts on organizations using affected versions of SiYuan, especially those who allow unauthenticated users to upload or access SVG content via the vulnerable endpoint. Successful exploitation can lead to arbitrary script execution in users’ browsers, enabling theft of sensitive information such as authentication tokens, personal data, or intellectual property stored within the SiYuan environment. It can also facilitate further attacks like phishing, session hijacking, or malware delivery. Since SiYuan is a personal knowledge management system, compromise could result in loss of confidentiality and integrity of user data. The lack of Content Security Policy exacerbates the risk by allowing scripts to run unrestricted. Although exploitation requires user interaction (opening the SVG), the vulnerability is remotely exploitable without authentication, increasing its threat level. Organizations relying on SiYuan for knowledge management or collaboration should consider the risk of data leakage and reputational damage if exploited.

The primary mitigation is to upgrade SiYuan to version 3.6.2 or later, where the vulnerability is patched. Until upgrade is possible, organizations should implement strict input validation and sanitization on all SVG content, especially for namespace-prefixed elements, to prevent malicious scripts from being embedded. Deploying a Content Security Policy (CSP) that restricts script execution in SVG content can reduce risk by blocking inline scripts or scripts from untrusted sources. Additionally, restricting or disabling the ability for unauthenticated users to upload or access SVG files via the /api/icon/getDynamicIcon endpoint can limit exposure. Monitoring and logging access to this endpoint may help detect exploitation attempts. Educating users to avoid opening SVG files from untrusted sources can reduce the likelihood of successful attacks. Finally, consider employing web application firewalls (WAFs) with rules to detect and block malicious SVG payloads containing namespace-prefixed script elements.