CVE-2026-32940 in SiYuan
Summary
by MITRE • 03/20/2026
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. The unauthenticated /api/icon/getDynamicIcon endpoint serves user-controlled input (via the content parameter) directly into SVG markup using fmt.Sprintf with no escaping, served as Content-Type: image/svg+xml. This creates a click-through XSS: a victim navigates to a crafted URL, sees an SVG with an injected link, and clicking it triggers JavaScript via the bypassed MIME types. The attack requires direct navigation to the endpoint or <object>/<embed> embedding, since <img> tag rendering in the frontend doesn't allow interactive links. This issue has been fixed in version 3.6.1.
Analysis
by VulDB Data Team • 03/26/2026
The vulnerability identified as CVE-2026-32940 affects SiYuan, a personal knowledge management system, in versions 3.6.0 and earlier. The flaw resides in the SanitizeSVG function, which relies on an incomplete blocklist to keep malicious data URLs out of SVG elements. The sanitizer correctly blocks data:text/html and data:image/svg+xml URLs in href attributes, but does not account for the data:text/xml and data:application/xml MIME types, both of which a browser will also render as SVG with JavaScript execution. Because the check is a blocklist rather than an allowlist, these two overlooked MIME types are enough to bypass the intended protection entirely.
The vulnerability is reachable through the unauthenticated /api/icon/getDynamicIcon endpoint, which takes user-provided input from the content parameter without sanitization or escaping. The handler uses fmt.Sprintf to interpolate this user-controlled value directly into SVG markup and serves the result with Content-Type: image/svg+xml, so any markup supplied in the parameter becomes part of the SVG document rather than literal text. The result is a click-through cross-site scripting condition: a victim must navigate to a crafted URL and then interact with the injected link, rather than the script firing on page load as in a conventional reflected XSS.
The operational impact is that an attacker can deliver SVG content that executes JavaScript once a user clicks an embedded link. Delivery requires the victim to navigate directly to the vulnerable endpoint or to load the SVG through an <object> or <embed> element, because an SVG rendered through an <img> tag does not support interactive links and therefore cannot trigger the script. This narrows the delivery options and makes the attack more targeted, but it remains a serious issue within the SiYuan application, since the bypassed data:text/xml and data:application/xml MIME types render SVG with full JavaScript execution and the intended sanitization provides no protection against them.
This vulnerability maps to CWE-79 (Cross-site Scripting) and CWE-20 (Improper Input Validation) in the Common Weakness Enumeration, a classic case of incomplete input validation in which the controls do not cover every way the dangerous input can be expressed. In ATT&CK terms it falls under T1203 (Exploitation for Client Execution) and T1566 (Phishing), since social engineering is needed to get a user to open the crafted URL and click the injected link. The issue also illustrates a lack of defense in depth: the unescaped fmt.Sprintf interpolation is guarded only by the sanitizer's blocklist, so a single gap in that list yields a complete bypass with no second layer to catch it. The fix in version 3.6.1 extends the sanitization rules to cover the previously missed MIME types, restoring protection against malicious data URL injection in SVG content.
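Added example (not SiYuan's code): a denylist check in the style the advisory describes, shown beside an allowlist-based href sanitizer and an escaped renderer for the content parameter, to make the gap and its mitigation concrete. The attribute regex, function names and sample hrefs are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// Denylist in the style the advisory describes for <= 3.6.0 (a reconstruction, not SiYuan's code),
// and a regex (constructed here) that matches href / xlink:href attributes in SVG markup.
var blockedPrefixes = []string{"data:text/html", "data:image/svg+xml"}
var hrefAttr = regexp.MustCompile(`(?i)((?:xlink:)?href)\s*=\s*"([^"]*)"`)

// BlocklistHrefAllowed accepts anything not on the denylist: data:text/xml and data:application/xml pass.
func BlocklistHrefAllowed(href string) bool {
	n := strings.ToLower(strings.TrimSpace(href))
	for _, p := range blockedPrefixes {
		if strings.HasPrefix(n, p) {
			return false
		}
	}
	return true
}

// AllowlistHrefAllowed permits only http(s) URLs and scheme-less links, so every data: URL is rejected.
func AllowlistHrefAllowed(href string) bool {
	n := strings.ToLower(strings.TrimSpace(href))
	i := strings.IndexAny(n, ":/?#")
	if i < 0 || n[i] != ':' {
		return true // no scheme present: relative path or fragment
	}
	return n[:i] == "http" || n[:i] == "https"
}

// SanitizeHrefs rewrites each disallowed href in the markup to an inert fragment link.
func SanitizeHrefs(svg string) string {
	return hrefAttr.ReplaceAllStringFunc(svg, func(attr string) string {
		m := hrefAttr.FindStringSubmatch(attr)
		if AllowlistHrefAllowed(m[2]) {
			return attr
		}
		return m[1] + `="#"`
	})
}

// RenderDynamicIcon escapes the content parameter before fmt.Sprintf interpolation, so markup in it
// renders as literal text instead of being parsed as SVG (the unescaped form is the reported flaw).
func RenderDynamicIcon(content string) string {
	return fmt.Sprintf(`<svg xmlns="http://www.w3.org/2000/svg"><text x="4" y="20">%s</text></svg>`, html.EscapeString(content))
}
```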