The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-23852

CVE-2026-23852: SiYuan Knowledge Management XSS Vulnerability

CVE-2026-23852 is a stored Cross-Site Scripting flaw in SiYuan personal knowledge management system that can lead to remote code execution in desktop environments. This article covers technical details, affected versions, and fixes.

Published: January 23, 2026

CVE-2026-23852 Overview

CVE-2026-23852 is a stored Cross-Site Scripting (XSS) vulnerability in SiYuan, a personal knowledge management system. This vulnerability allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The malicious payload is later rendered in the dynamic icon feature without proper sanitization, leading to stored XSS and, in the desktop environment, potential remote code execution (RCE).

This vulnerability represents a bypass of a previous security fix for issue #15970, which also addressed XSS to RCE via dynamic icons. The incomplete nature of the original patch allowed attackers to find alternative injection vectors.

Critical Impact

Attackers can achieve stored XSS that persists across sessions, and in Electron-based desktop environments, escalate to full remote code execution, potentially compromising the entire system.

Affected Products

  • SiYuan versions prior to 3.5.4
  • SiYuan Desktop Application (Electron-based) versions prior to 3.5.4
  • SiYuan Web Application versions prior to 3.5.4

Discovery Timeline

  • 2026-01-19 - CVE-2026-23852 published to NVD
  • 2026-01-19 - Last updated in NVD database

Technical Details for CVE-2026-23852

Vulnerability Analysis

The vulnerability exists in the block attribute handling mechanism of SiYuan's API layer. When users interact with the /api/attr/setBlockAttrs endpoint, the application accepts user-controlled input for block attributes including the icon parameter. The dynamic icon feature subsequently renders these attributes without adequate sanitization, creating an injection point for malicious HTML attributes.

The root issue stems from improper input validation (CWE-94: Improper Control of Generation of Code) where the application fails to properly escape or validate attribute values before rendering them in the DOM context. This is particularly dangerous in Electron-based desktop applications where JavaScript execution can break out of the browser sandbox and interact with the underlying operating system.

Root Cause

The vulnerability originates from incomplete input sanitization in the dynamic icon rendering component. The previous fix for issue #15970 addressed specific XSS vectors but did not comprehensively cover all attribute injection scenarios. The icon attribute value is directly interpolated into the rendered HTML without proper encoding, allowing attackers to break out of the attribute context and inject additional HTML attributes or event handlers.

Attack Vector

The attack is network-based and requires user interaction. An attacker can exploit this vulnerability by:

  1. Crafting a malicious payload containing arbitrary HTML attributes
  2. Sending the payload via the /api/attr/setBlockAttrs API to set a block's icon attribute
  3. Waiting for a victim to view or interact with the block containing the malicious icon
  4. When rendered, the injected attributes execute in the victim's browser context
  5. In desktop environments, the attacker can leverage Electron's Node.js integration to execute system commands

The stored nature of this XSS means the malicious payload persists in the application's data store and executes whenever the affected content is rendered, making it particularly dangerous for shared knowledge bases.

Detection Methods for CVE-2026-23852

Indicators of Compromise

  • Unusual API calls to /api/attr/setBlockAttrs endpoint with encoded or obfuscated payloads in the icon parameter
  • Block attributes containing unexpected HTML event handlers such as onerror, onload, onmouseover, or onfocus
  • Evidence of JavaScript execution in application logs indicating DOM manipulation or external resource loading
  • System command execution traces originating from the SiYuan desktop application process

Detection Strategies

  • Monitor network traffic for suspicious POST requests to the /api/attr/setBlockAttrs endpoint containing special characters or script tags
  • Implement Content Security Policy (CSP) headers to detect and prevent inline script execution
  • Review application audit logs for attribute modifications containing potential XSS payloads
  • Deploy endpoint detection rules to identify anomalous child process spawning from Electron-based applications

Monitoring Recommendations

  • Enable verbose logging for all API attribute modification operations
  • Configure web application firewalls (WAF) to inspect and block requests containing XSS patterns in JSON payloads
  • Monitor for unusual network connections or process creation originating from the SiYuan application
  • Establish baseline behavior for the application and alert on deviations such as unexpected script execution

How to Mitigate CVE-2026-23852

Immediate Actions Required

  • Upgrade SiYuan to version 3.5.4 or later immediately
  • Audit existing blocks for suspicious icon attribute values that may contain injected HTML
  • Restrict network access to the SiYuan API for untrusted users until patching is complete
  • Consider disabling the dynamic icon feature temporarily if upgrade is not immediately possible

Patch Information

The SiYuan development team has released version 3.5.4 which contains an updated fix for this vulnerability. The patch is available in the GitHub commit. Additional details can be found in the GitHub Security Advisory GHSA-7c6g-g2hx-23vv.

The fix implements comprehensive input sanitization for block attributes, ensuring that user-controlled values cannot escape the attribute context and inject malicious code.

Workarounds

  • Implement network-level filtering to block requests to /api/attr/setBlockAttrs containing suspicious patterns
  • Deploy a reverse proxy with request inspection to sanitize incoming API payloads before they reach the application
  • Limit API access to authenticated and trusted users only using network segmentation or firewall rules
  • Disable the dynamic icon feature if supported by the application configuration
bash
# Example: Restrict API access using iptables (Linux)
# Allow only trusted IP to access SiYuan API
iptables -A INPUT -p tcp --dport 6806 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 6806 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeXSS
  • Vendor/TechSiyuan
  • SeverityMEDIUM
  • CVSS Score5.8
  • EPSS Probability0.20%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-94
  • Technical References
  • GitHub Commit Details
  • GitHub Security Advisory GHSA-7c6g-g2hx-23vv
  • Related CVEs
  • CVE-2026-34605: SiYuan Knowledge System XSS Vulnerability
  • CVE-2026-23847: SiYuan Reflected XSS Vulnerability
  • CVE-2026-23645: SiYuan Note Stored XSS Vulnerability
  • CVE-2026-40107: SiYuan Information Disclosure Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English