CVE-2026-31807 in SiYuan

Summary

by MITRE • 03/10/2026

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) blocks dangerous elements (<script>, <iframe>, <foreignobject>) and removes on* event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements (<animate>, <set>) which can dynamically set attributes to dangerous values at runtime, bypassing the static sanitization. This allows an attacker to inject executable JavaScript into the unauthenticated /api/icon/getDynamicIcon endpoint (type=8), creating a reflected XSS. This is a bypass of the fix for CVE-2026-29183 (fixed in v3.5.9). This vulnerability is fixed in v3.5.10.


Analysis

by VulDB Data Team • 03/16/2026

CVE-2026-31807 is a critical flaw in SiYuan's SVG sanitization that enables reflected cross-site scripting. It affects versions prior to 3.5.10 and lies in the SanitizeSVG component, which is responsible for filtering potentially dangerous SVG elements. It is a classic case of incomplete input validation: the sanitizer does not account for SVG elements that are themselves executed at render time and can modify attributes, so its static filtering rules are bypassed.

The flaw stems from the sanitizer's selective (deny-list) approach to element blocking. It correctly removes static injection vectors such as script tags, iframe elements and foreignObject, but overlooks SVG animation elements such as <animate> and <set>. These elements can change attribute values while the document is rendered, so a value that would be rejected as a static attribute survives the filter and only takes effect in the victim's browser. The affected entry point is the /api/icon/getDynamicIcon endpoint with the type parameter set to 8, which processes SVG content without any runtime protection, producing a reflected XSS in which attacker-controlled SVG executes in the victim's browser context.

The impact goes beyond a single XSS because the issue bypasses the fix for CVE-2026-29183 shipped in version 3.5.9, which illustrates how hard comprehensive SVG sanitization is for rich media content. The endpoint is unauthenticated, so the bug can be triggered without any prior access to the instance, which broadens the exposure considerably. As a reflected XSS, it requires a victim to load attacker-crafted content; when they do, the payload runs in their session and can lead to session hijacking, data theft or further exploitation of the system.

Mitigation requires SVG sanitization that accounts for dynamic as well as static content: the fix in version 3.5.10 must handle every SVG animation element that can modify attributes at runtime, so that <animate> and <set> cannot be used to inject executable JavaScript. Organizations should add defence in depth: Content Security Policy headers, input validation at multiple layers, and regular security assessments of SVG processing components. The issue maps to CWE-79 (Cross-site Scripting) and, as a case of incomplete sanitization, to ATT&CK techniques T1203 (Exploitation for Client Execution) and T1566 (Phishing). The lesson is to test for dynamic content execution and to design controls around what content can do at render time rather than only what it contains statically.
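As an added example (this is not SiYuan's SanitizeSVG and not code from VulDB or MITRE), the Go program below shows the shape of the check the analysis calls for: a token-level SVG filter that removes the static vectors the advisory lists, drops SVG animation elements as a class no matter which attribute they would set, and returns a record of what it removed so rejections can be logged rather than silently swallowed. The function name strictSanitizeSVG, the sample icon, the inclusion of animateTransform and animateMotion in the blocked set, and the exact on*/javascript: attribute rules are this example's own assumptions modelled on the advisory's description.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Elements dropped with their whole subtree: the static vectors the advisory says
// were already blocked, plus the animation elements that were not. animateTransform
// and animateMotion are added on the same reasoning (an assumption of this example).
var blockedElements = map[string]bool{
	"script": true, "iframe": true, "foreignobject": true,
	"animate": true, "set": true, "animatetransform": true, "animatemotion": true,
}

// escaper re-escapes text and attribute values the decoder has already unescaped.
var escaper = strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;", `"`, "&quot;")

// dangerousURL flags javascript: URLs. Browsers ignore leading whitespace and tabs
// or newlines inside the scheme, so collapse whitespace before comparing.
func dangerousURL(v string) bool {
	return strings.HasPrefix(strings.ToLower(strings.Join(strings.Fields(v), "")), "javascript:")
}

// strictSanitizeSVG re-serializes only the tokens it understands: blocked elements
// are skipped with their subtree, on* handlers and javascript: hrefs are dropped, and
// comments, DOCTYPE and processing instructions never reach the output. It returns the
// cleaned SVG and a record of removals ("element:<name>" or "attr:<element>@<name>").
func strictSanitizeSVG(input string) (string, []string, error) {
	var out strings.Builder
	var dropped []string
	dec := xml.NewDecoder(strings.NewReader(input))
	skipDepth := 0 // >0 while inside a blocked element's subtree
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			break
		} else if err != nil {
			return "", dropped, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			if skipDepth > 0 {
				skipDepth++
				continue
			}
			if blockedElements[strings.ToLower(t.Name.Local)] {
				dropped = append(dropped, "element:"+t.Name.Local)
				skipDepth = 1
				continue
			}
			out.WriteString("<" + t.Name.Local)
			for _, a := range t.Attr {
				// The decoder resolves prefixes to namespace URLs; keep xmlns
				// declarations and otherwise emit the local name (xlink:href -> href).
				name := a.Name.Local
				if a.Name.Space == "xmlns" {
					name = "xmlns:" + name
				}
				lname := strings.ToLower(name)
				if strings.HasPrefix(lname, "on") || (strings.HasSuffix(lname, "href") && dangerousURL(a.Value)) {
					dropped = append(dropped, "attr:"+t.Name.Local+"@"+name)
					continue
				}
				fmt.Fprintf(&out, ` %s="%s"`, name, escaper.Replace(a.Value))
			}
			out.WriteString(">")
		case xml.EndElement:
			if skipDepth > 0 {
				skipDepth--
			} else {
				out.WriteString("</" + t.Name.Local + ">")
			}
		case xml.CharData:
			if skipDepth == 0 {
				out.WriteString(escaper.Replace(string(t)))
			}
		}
	}
	return out.String(), dropped, nil
}

// demoInput is a constructed icon: legitimate shapes plus one instance of each thing
// the filter must remove. The animation elements carry harmless values on purpose;
// they are dropped regardless of what they would set at runtime.
func demoInput() string {
	return `<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" onload="placeholder()">
  <circle cx="16" cy="16" r="12" fill="#3b82f6"/>
  <a href="https://example.invalid/"><text x="4" y="20">Hi</text><set attributeName="fill" to="red"/></a>
  <animate attributeName="r" from="0" to="12" dur="1s"/><script>placeholder()</script>
</svg>`
}

func main() {
	svg, dropped, err := strictSanitizeSVG(demoInput())
	fmt.Printf("%s\ndropped: %v\nerr: %v\n", svg, dropped, err)
}
```

Running it prints the cleaned icon followed by the removal record (attr:svg@onload, element:set, element:animate, element:script). Two design points matter here: the filter re-serializes rather than patching the input string, so anything it does not explicitly understand is gone by construction; and an allow-list of elements and attributes would be the stronger long-term design, since a deny-list is exactly what the bypass in this CVE defeated.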

Responsible: GitHub M
Reservation: 03/09/2026
Disclosure: 03/10/2026
Moderation: accepted
CPE: ready
EPSS: 0.00378
KEV: no
Activities: very low
