CVE-2026-23847 Overview
SiYuan is a personal knowledge management system that allows users to organize notes, documents, and knowledge bases. A reflected cross-site scripting (XSS) vulnerability has been identified in versions prior to 3.5.4 affecting the /api/icon/getDynamicIcon endpoint. The vulnerability stems from unsanitized SVG input handling, where the content query parameter is inserted directly into SVG <text> tags without proper XML escaping.
Critical Impact
Attackers can inject malicious JavaScript through crafted SVG content, potentially leading to session hijacking, credential theft, or malicious actions performed on behalf of authenticated users.
Affected Products
- SiYuan versions prior to 3.5.4
Discovery Timeline
- 2026-01-19 - CVE-2026-23847 published to NVD
- 2026-01-19 - Last updated in NVD database
Technical Details for CVE-2026-23847
Vulnerability Analysis
This reflected XSS vulnerability occurs in the dynamic icon generation functionality of SiYuan. The /api/icon/getDynamicIcon endpoint creates SVG images for text icons when the type=8 parameter is specified. The core issue lies in how user-supplied content is processed and embedded into the generated SVG response.
When a request is made to this endpoint, the content query parameter value is directly interpolated into the SVG <text> element without any XML character escaping or sanitization. Since the HTTP response is served with Content-Type: image/svg+xml, the browser renders it as XML content. This allows an attacker to craft a malicious payload that breaks out of the intended XML structure by injecting closing tags and arbitrary SVG/HTML elements, including <script> tags that execute JavaScript in the context of the user's session.
Root Cause
The root cause is a classic failure to neutralize user input at output time, classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The application does not escape or sanitize user-controlled input before embedding it in dynamically generated SVG content. Special XML characters such as <, >, &, ", and ' are not encoded, allowing attackers to inject arbitrary XML/SVG elements and JavaScript code.
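The interpolation defect described above, as an added example that is not SiYuan's code: a constructed icon generator that splices the content value straight into the <text> element, the same generator with XML escaping applied, and a parser-based check that tells the two apart. The SVG skeleton and function names are assumptions; the endpoint's real generator is not shown on this page.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed illustration of the defect described above, not SiYuan's code:
// the function names and the SVG skeleton are assumptions.

// vulnerableTextIcon interpolates the raw "content" query value into <text>.
// Any '<', '>', '&' or quote in content is parsed as markup instead of shown as text.
func vulnerableTextIcon(content string) string {
	return fmt.Sprintf(`<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">`+
		`<text x="50%%" y="50%%">%s</text></svg>`, content)
}

// safeTextIcon escapes content as XML character data before interpolation,
// neutralizing the five special characters named in the CWE-79 description.
func safeTextIcon(content string) string {
	var sb strings.Builder
	// xml.EscapeText (standard library) escapes <, >, &, " and ' for XML text nodes.
	if err := xml.EscapeText(&sb, []byte(content)); err != nil {
		panic(err) // only reachable if the writer fails; strings.Builder never does
	}
	return fmt.Sprintf(`<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">`+
		`<text x="50%%" y="50%%">%s</text></svg>`, sb.String())
}

// hasInjectedElement parses the SVG and reports whether any element other than the
// generator's own <svg> and <text> appears, i.e. whether the XML structure was broken out of.
func hasInjectedElement(svg string) bool {
	dec := xml.NewDecoder(strings.NewReader(svg))
	for {
		tok, err := dec.Token()
		if err != nil {
			return false // io.EOF or malformed XML: nothing more to inspect
		}
		if se, ok := tok.(xml.StartElement); ok && se.Name.Local != "svg" && se.Name.Local != "text" {
			return true
		}
	}
}

func main() {
	payload := "</text><script>alert(1)</script><text>"
	fmt.Println(hasInjectedElement(vulnerableTextIcon(payload)), hasInjectedElement(safeTextIcon(payload))) // true false
}
```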
Attack Vector
The attack is network-based and requires user interaction. An attacker must craft a malicious URL containing the XSS payload in the content parameter and trick a victim into clicking the link. When the victim's browser requests the crafted URL, the server generates an SVG response containing the injected script, which executes in the victim's browser context. This can be used to steal session tokens, perform actions as the authenticated user, or redirect users to malicious sites.
svg = generateTypeOneSVG(color, lang, dateInfo)
}
+ if !model.Conf.Editor.AllowSVGScript {
+ svg = util.RemoveScriptsInSVG(svg)
+ }
+
c.Header("Content-Type", "image/svg+xml")
c.Header("Cache-Control", "no-cache")
c.Header("Pragma", "no-cache")
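Review bot: this hunk post-processes the finished SVG with util.RemoveScriptsInSVG, and only when AllowSVGScript is off, while the root cause described above is the unescaped content value interpolated into the <text> element. Escaping that value at the interpolation point (for example with Go's html.EscapeString or xml.EscapeText) would neutralize <, >, & and quotes regardless of the AllowSVGScript setting and would also close off the non-script vectors this page lists as indicators (event-handler attributes such as onload and onerror, javascript: URLs), which a script-element stripper may not cover; if util.RemoveScriptsInSVG is intended to be the complete fix, its handling of those attribute vectors should be documented alongside this change.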
Source: GitHub Commit
The patch introduces a script removal function (util.RemoveScriptsInSVG) that sanitizes the generated SVG output when the AllowSVGScript configuration option is disabled (default behavior). This prevents embedded scripts from being included in the SVG response.
Detection Methods for CVE-2026-23847
Indicators of Compromise
- HTTP requests to /api/icon/getDynamicIcon with type=8 parameter containing suspicious payloads such as <script>, javascript:, or SVG event handlers (onload, onerror)
- Web server logs showing URL-encoded XSS payloads in the content query parameter
- Unusual JavaScript execution errors in client-side logs related to icon rendering
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing XSS patterns in the content parameter of the /api/icon/getDynamicIcon endpoint
- Deploy content security policy (CSP) headers to restrict inline script execution
- Monitor for anomalous requests to the dynamic icon API with large or unusual content parameter values
Monitoring Recommendations
- Enable detailed logging for all requests to the /api/icon/ endpoint
- Set up alerts for requests containing HTML/XML tags or JavaScript keywords in query parameters
- Review access logs for repeated attempts to probe the getDynamicIcon endpoint with varying payloads
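The indicators and monitoring points above, as an added detection example that is not SiYuan's or any vendor's tooling: a small Go scanner that extracts getDynamicIcon type=8 requests from constructed access-log lines, percent-decodes the content parameter, and flags markup, javascript: URLs and event-handler attributes. The log format and sample lines are assumptions.

```go
package main

import (
	"net/url"
	"regexp"
	"strings"
)

// Constructed example, not SiYuan's or any vendor's tooling: the log format and the
// sample lines below are assumptions made so the scanner can run offline.
// requestTarget pulls the request path and query out of a common-log-format line.
var requestTarget = regexp.MustCompile(`"(?:GET|POST) (\S+) HTTP/`)

// suspicious matches the indicators listed above: markup, javascript: URLs and
// event-handler attributes such as onload= or onerror=.
var suspicious = regexp.MustCompile(`(?i)<|>|javascript:|\bon[a-z]+\s*=`)

// constructedLog holds synthetic log lines; lines 2 and 3 carry percent-encoded payloads.
const constructedLog = `10.0.0.5 - - [19/Jan/2026:10:00:01 +0000] "GET /api/icon/getDynamicIcon?type=8&content=Monday HTTP/1.1" 200 812
10.0.0.7 - - [19/Jan/2026:10:00:02 +0000] "GET /api/icon/getDynamicIcon?type=8&content=%3C%2Ftext%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 901
10.0.0.7 - - [19/Jan/2026:10:00:03 +0000] "GET /api/icon/getDynamicIcon?type=8&content=%3Cimage+href%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 877
10.0.0.9 - - [19/Jan/2026:10:00:04 +0000] "GET /api/icon/getDynamicIcon?type=1&color=red HTTP/1.1" 200 640`

// FlagLine returns the percent-decoded content parameter and true when the line is a
// getDynamicIcon type=8 request whose content matches a suspicious pattern.
func FlagLine(line string) (string, bool) {
	m := requestTarget.FindStringSubmatch(line)
	if m == nil {
		return "", false
	}
	u, err := url.Parse(m[1])
	// Query() percent-decodes values, so %3Cscript%3E is matched as <script>; a filter
	// applied to the raw query string would miss these encoded forms.
	if err != nil || u.Path != "/api/icon/getDynamicIcon" || u.Query().Get("type") != "8" {
		return "", false
	}
	content := u.Query().Get("content")
	return content, suspicious.MatchString(content)
}

// FlaggedLines returns the 1-based numbers of the suspicious lines in a log.
func FlaggedLines(log string) []int {
	var hits []int
	for i, line := range strings.Split(log, "\n") {
		if _, bad := FlagLine(line); bad {
			hits = append(hits, i+1)
		}
	}
	return hits
}
```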
How to Mitigate CVE-2026-23847
Immediate Actions Required
- Upgrade SiYuan to version 3.5.4 or later immediately
- Review server logs for evidence of exploitation attempts targeting the /api/icon/getDynamicIcon endpoint
- Implement a Web Application Firewall (WAF) rule to filter malicious content in the content parameter
Patch Information
The vulnerability has been patched in SiYuan version 3.5.4. The fix introduces a script removal mechanism that sanitizes SVG output by default. The sanitization is controlled by the AllowSVGScript configuration option, which is disabled by default so that scripts are stripped from generated SVG images.
For detailed information, refer to the GitHub Security Advisory and the commit patch.
Workarounds
- If immediate upgrade is not possible, consider restricting access to the /api/icon/getDynamicIcon endpoint via network-level controls or reverse proxy rules
- Implement strict Content Security Policy headers with script-src 'self' to mitigate the impact of successful XSS attacks
- Deploy a reverse proxy or WAF that performs input sanitization on the content parameter before requests reach the application
# Example nginx location block to restrict access to the vulnerable endpoint.
# $args is the raw, still percent-encoded query string, so the browser-encoded
# forms %3C and %3E of < and > must be matched as well as the literal characters;
# ~* makes the match case-insensitive, which also covers %3c and %3e.
location /api/icon/getDynamicIcon {
    # Block requests containing potential XSS payloads (coarse filter: legitimate
    # icon text containing these words is rejected as well)
    if ($args ~* "(<|>|%3C|%3E|script|javascript|onerror|onload)") {
        return 403;
    }
    proxy_pass http://siyuan_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


