CVE-2026-29183

CriticalPublic PoC

Published: 06 March 2026

Published

06 March 2026

Modified

10 March 2026

KEV Added

—

Patch

—

CVSS Score 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS Score 0.0040 60.8th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is…

unauthenticated and returns image/svg+xml, a crafted URL can inject executable SVG/HTML event handlers (for example onerror) and run JavaScript in the SiYuan web origin. This can be chained to perform authenticated API actions and exfiltrate sensitive data when a logged-in user opens the malicious link. This issue has been patched in version 3.5.9.

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match

prevent

Filters SVG output to escape or block attacker-controlled content and executable event handlers like onerror, directly preventing reflected XSS injection.

SI-10 Information Input Validation good match

prevent

Validates API inputs such as the type parameter to reject or sanitize malicious content before embedding into SVG responses.

SI-9 Information Input Restrictions partial match

prevent

Restricts unauthenticated inputs to the dynamic icon endpoint to whitelisted values or formats, limiting opportunities for XSS payload injection.

Security SummaryAI

SiYuan, a personal knowledge management system, is affected by CVE-2026-29183, an unauthenticated reflected cross-site scripting (XSS) vulnerability in versions prior to 3.5.9. The flaw exists in the dynamic icon API endpoint GET /api/icon/getDynamicIcon when the type parameter is set to 8, where attacker-controlled content is embedded into SVG output without escaping.

The endpoint is unauthenticated and returns content with a media type of image/svg+xml, enabling an attacker to craft a URL that injects executable SVG or HTML event handlers, such as onerror, to execute JavaScript in the context of the SiYuan web origin. Exploitation requires a logged-in user to open the malicious link, after which the attacker can chain the XSS payload with authenticated API actions to exfiltrate sensitive data from the victim's account.

The issue has been patched in SiYuan version 3.5.9. Additional details on the vulnerability and remediation are available in the GitHub Security Advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-6865-qjcf-286f.

Details

CWE(s): CWE-79

Affected Products

b3log

siyuan

≤ 3.5.9

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.007 JavaScript Execution

Adversaries may abuse various implementations of JavaScript for execution.

attack.mitre.org →

Why these techniques?

Unauthenticated reflected XSS in public-facing web app endpoint enables exploitation of public-facing applications (T1190) and JavaScript execution (T1059.007) in victim browser context for further actions like data exfiltration.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-6865-qjcf-286f
Exploit, Vendor Advisory · security-advisories@github.com