CVE-2026-50551: SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

Severity: Critical

CVSS Score: 10

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.