Back to CVE risk briefs

External risk intelligence

SiYuan could allow external attackers to gain full control of user systems.

SiYuan personal knowledge management systems could allow an attacker to gain full control of user systems, potentially compromising sensitive files or stored data on local workstations. There is currently no evidence of active exploitation for this issue.

NVD published May 14, 2026 (14 hours ago)

External risk briefCRITICAL

CVE-2026-44670

Halo Surface Signal

1/ 5

SiYuan is a personal knowledge management application typically deployed on individual user workstations. It functions as a local client-side tool rather than an internet-facing web application, service, or gateway, meaning it is not designed for exposure to the public internet in standard deployments.

Exposure facts

CVSS
9.4
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

H – Horizon Alert

The SiYuan personal knowledge management system contains a security flaw regarding how it processes database names. Because the software does not properly secure these names, it is susceptible to malicious input that can be executed by the application. This creates a risk of unauthorized code execution, which could allow an attacker to compromise the security and integrity of the data stored within the system.

A – Asset Exposure

This vulnerability impacts SiYuan, a personal knowledge management application typically deployed on individual user workstations. If triggered, the flaw allows unauthorized code execution within the application’s environment, which could result in compromised sensitive files or stored data managed by the user. Because this software operates within a local environment, the primary risk is centered on the security of the operational systems and the private information hosted on those specific devices.

L – Live Threat

At this time, there is no evidence to suggest that this vulnerability is being actively exploited or targeted by threat actors. The available information does not indicate the presence of public exploit activity or known real-world attacks. As such, there are no live-threat signals currently associated with this finding.

O – Operational Fix

We recommend that your team updates the SiYuan application to the latest release provided by the vendor to address this vulnerability. This update corrects how the system processes data, effectively mitigating the risk of unauthorized code execution. Please coordinate with your IT staff to identify and apply this patch across all active deployments.

References