CVE-2026-50551
SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
siyuan-note · siyuan¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →