THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-56mp-4f3v-fgj2 (critical) — SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

[GHSA] GHSA-56mp-4f3v-fgj2 (critical) — SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

medgithub_advisoriesPublished 2026-07-10

GHSA-56mp-4f3v-fgj2 Severity: critical CVE: CVE-2026-50551

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan v3.6.5 and earlier versions contain a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This is a neighbor-bug of CVE-2026-4458

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-56mp-4f3v-fgj2