2 matches found
GO-2026-5540 SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions in github.com/siyuan-note/siyuan/kernel
SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions in github.com/siyuan-note/siyuan/kernel...
CVE-2026-39846 SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions
SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...