CVE-2026-50551
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, there is a stored cross-site scripting (XSS) vulnerability in the Attribute View asset cell renderer that can escalate to remote code execution (RCE) in the Electron desktop client.
Risk Assessment
This vulnerability could allow attackers to execute remote code on user systems, posing a serious threat to the security of organizational data and systems.
Recommendation
It is recommended to upgrade SiYuan to version 3.7.0 or later to mitigate this vulnerability.
Original NVD description (English source)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.

