CVE-2026-54070 is a cross-site scripting vulnerability in SiYuan, an open-source personal knowledge management system. The vulnerability exists in versions before 3.7.0 in the renderPackageREADME function, which converts Markdown README files to HTML using the lute engine with a sanitizer that only blocks legacy event handler attributes. Modern event handlers such as onpointerover and onfocusin are not blocked, allowing malicious scripts embedded in these attributes to execute when the Administrator views a Bazaar package README. The rendered HTML is inserted directly into the DOM without additional client-side sanitization or protective HTTP headers, enabling script execution in the Administrator's authenticated context. This allows a third-party package author to execute arbitrary JavaScript and gain full control over the workspace. The vulnerability is fixed in version 3.7.0.

An attacker who authors a malicious third-party Bazaar package can execute arbitrary JavaScript code in the context of an authenticated Administrator when the Administrator views the package listing. This leads to a full compromise of the SiYuan workspace, including potential data theft, manipulation, or further system compromise. The vulnerability requires the Administrator to view and interact with the malicious package listing after granting marketplace trust consent. There are no known exploits in the wild.

This vulnerability is fixed in SiYuan version 3.7.0. Users should upgrade to version 3.7.0 or later to remediate this issue. No additional mitigations such as CSP or client-side sanitization are present in affected versions. Patch status is not explicitly stated in the vendor advisory, but the fix is confirmed in version 3.7.0. Until upgrading, administrators should avoid opening untrusted Bazaar package listings.