THREAT OPS › Threat News › [GHSA] GHSA-56mp-4f3v-fgj2 (critical) — SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
[GHSA] GHSA-56mp-4f3v-fgj2 (critical) — SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
GHSA-56mp-4f3v-fgj2 Severity: critical CVE: CVE-2026-50551
SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
SiYuan v3.6.5 and earlier versions contain a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This is a neighbor-bug of CVE-2026-4458
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-50551cve
- CVE-2026-44588cve
- CVE-2026-33066cve
- CVE-2026-29183cve
Original source: https://github.com/advisories/GHSA-56mp-4f3v-fgj2