Security researchers have disclosed a high-severity vulnerability in SiYuan, the popular privacy-first personal knowledge management system. The flaw, tracked as CVE-2026-29183 with a CVSS score of 9.3, allows unauthenticated attackers to execute arbitrary JavaScript in the victim’s browser, potentially leading to the theft of private notes and sensitive configuration data.
SiYuan is favored by users for its fine-grained block-level references and Markdown support, often used to store highly personal or proprietary information.
The vulnerability is a reflected Cross-Site Scripting (XSS) issue located in the platform’s dynamic icon API endpoint: /api/icon/getDynamicIcon.
The technical breakdown reveals a failure in both authentication and input sanitization:
- Open Access: The endpoint is exposed without any authentication middleware, meaning anyone with the URL can interact with it.
- Unsafe Construction: When the type parameter is set to 8, the system embeds user-controlled content directly into an SVG output using simple string formatting.
- Incomplete Sanitization: While SiYuan has a built-in “RemoveScriptsInSVG” function, researchers found it only strips <script> elements. It does not remove event-handler attributes such as onerror or onload, which can still execute JavaScript without any <script> tag.
By crafting a specific URL, an attacker can bypass the filters using a payload like </text><image … onerror=…><text>, which effectively runs JavaScript within the SiYuan web origin.
If a logged-in SiYuan user clicks a malicious link, the attacker can:
- Execute Arbitrary JavaScript: Run code within the context of the SiYuan web application.
- Abuse API Calls: Perform authenticated actions on behalf of the user, such as modifying or deleting notes.
- Exfiltrate Data: Access and steal sensitive notes, configuration files, and API responses.
The most effective way to address this vulnerability is to ensure that all user-supplied input is properly HTML/XML escaped before being included in the SVG output.
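The following Go snippet is an added illustration of the two points above (the sanitizer that only strips <script> elements, and the fix of escaping input before embedding it in the SVG); it is example code written for this article, not SiYuan's own implementation, and the sanitizer, the renderer functions and the sample input are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
)

// stripScriptTags is a constructed stand-in for a sanitizer that only removes
// <script> elements. It is not SiYuan's RemoveScriptsInSVG; it only models the
// gap the advisory describes: attributes are never inspected.
var scriptTagRe = regexp.MustCompile(`(?is)<script\b[^>]*>.*?</script>`)

func stripScriptTags(s string) string {
	return scriptTagRe.ReplaceAllString(s, "")
}

// renderUnsafe embeds caller-controlled text with plain string formatting and
// relies on script-tag stripping alone. This is the vulnerable pattern.
func renderUnsafe(label string) string {
	return fmt.Sprintf(`<svg xmlns="http://www.w3.org/2000/svg"><text x="0" y="16">%s</text></svg>`,
		stripScriptTags(label))
}

// renderEscaped escapes <, >, &, ' and " before embedding, so the input can
// never close the <text> element or open a new one. This is the recommended fix.
func renderEscaped(label string) string {
	return fmt.Sprintf(`<svg xmlns="http://www.w3.org/2000/svg"><text x="0" y="16">%s</text></svg>`,
		html.EscapeString(label))
}

// containsEventHandler is a simple defensive check suitable for a unit test or
// a response audit: does the markup contain a tag carrying an on*= attribute?
var eventAttrRe = regexp.MustCompile(`(?i)<[^>]*\son[a-z]+\s*=`)

func containsEventHandler(svg string) bool {
	return eventAttrRe.MatchString(svg)
}

func main() {
	// Constructed input: closes the <text> element and injects an element with
	// an event-handler attribute. It contains no <script> tag, so a script-only
	// sanitizer leaves it untouched.
	input := `</text><image onerror=x><text>`

	fmt.Println(renderUnsafe(input))
	fmt.Println("unsafe output carries a handler:", containsEventHandler(renderUnsafe(input)))

	fmt.Println(renderEscaped(input))
	fmt.Println("escaped output carries a handler:", containsEventHandler(renderEscaped(input)))
}
```

The escaped renderer turns every `<` and `>` in the input into `&lt;` and `&gt;`, so the browser's SVG parser sees literal text rather than new elements; the `containsEventHandler` check is the kind of regression test a project can keep around to make sure a future refactor does not reintroduce the string-formatting path.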
Recommendations for Users:
- Update Immediately: Ensure you are running the latest version of SiYuan where the dynamic icon API has been hardened against reflected input.
- Exercise Caution: Avoid clicking on unexpected or suspicious links, especially those targeting your internal or self-hosted SiYuan instance.
- Network Isolation: For self-hosted users, consider placing SiYuan behind a VPN or zero-trust gateway to limit the exposure of internal API endpoints to the public internet.