CVE-2026-50551
Published
CVSS v3
9.9
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.
A privacy-first, self-hosted, fully open source personal knowledge management software, written in typescript and golang.
GitHub