CVE Catalog

CVE-2026-50551

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, there is a stored cross-site scripting (XSS) vulnerability in the Attribute View asset cell renderer that can escalate to remote code execution (RCE) in the Electron desktop client.

Risk Assessment

This vulnerability could allow attackers to execute remote code on user systems, posing a serious threat to the security of organizational data and systems.

Recommendation

It is recommended to upgrade SiYuan to version 3.7.0 or later to mitigate this vulnerability.

Original NVD description (English source)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS