Cyber Resilience

CVE-2026-29183

CriticalPublic PoC

Published: 06 March 2026

Published
06 March 2026
Modified
10 March 2026
KEV Added
Patch
CVSS Score v3.1 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS Score 0.0063 45.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-29183 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in B3Log Siyuan. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

SiYuan, a personal knowledge management system, is affected by CVE-2026-29183, an unauthenticated reflected cross-site scripting (XSS) vulnerability in versions prior to 3.5.9. The flaw exists in the dynamic icon API endpoint GET /api/icon/getDynamicIcon when the type parameter is set to 8, where attacker-controlled content is embedded into SVG output without escaping.

The endpoint is unauthenticated and returns content with a media type of image/svg+xml, enabling an attacker to craft a URL that injects executable SVG or HTML event handlers, such as onerror, to execute JavaScript in the context of the SiYuan web origin. Exploitation requires a logged-in user to open the malicious link, after which the attacker can chain the XSS payload with authenticated API actions to exfiltrate sensitive data from the victim's account.

The issue has been patched in SiYuan version 3.5.9. Additional details on the vulnerability and remediation are available in the GitHub Security Advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-6865-qjcf-286f.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is…

more

unauthenticated and returns image/svg+xml, a crafted URL can inject executable SVG/HTML event handlers (for example onerror) and run JavaScript in the SiYuan web origin. This can be chained to perform authenticated API actions and exfiltrate sensitive data when a logged-in user opens the malicious link. This issue has been patched in version 3.5.9.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

Unauthenticated reflected XSS in public-facing web app endpoint enables exploitation of public-facing applications (T1190) and JavaScript execution (T1059.007) in victim browser context for further actions like data exfiltration.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34605Same product: B3Log Siyuan
CVE-2026-32940Same product: B3Log Siyuan
CVE-2026-33066Same product: B3Log Siyuan
CVE-2026-33067Same product: B3Log Siyuan
CVE-2026-32751Same product: B3Log Siyuan
CVE-2026-34585Same product: B3Log Siyuan
CVE-2026-34448Same product: B3Log Siyuan
CVE-2026-23852Same product: B3Log Siyuan
CVE-2026-34453Same product: B3Log Siyuan
CVE-2026-39846Same product: B3Log Siyuan

Affected Assets

b3log
siyuan
≤ 3.5.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Filters SVG output to escape or block attacker-controlled content and executable event handlers like onerror, directly preventing reflected XSS injection.

prevent

Validates API inputs such as the type parameter to reject or sanitize malicious content before embedding into SVG responses.

prevent

Restricts unauthenticated inputs to the dynamic icon endpoint to whitelisted values or formats, limiting opportunities for XSS payload injection.

References