Attack Chain

1. An attacker crafts a malicious plugin manifest (plugin.json) containing a payload in the name or version fields, such as <img src=x onerror="require('child_process').exec('...')">.
2. The attacker submits the malicious plugin manifest to the SiYuan Bazaar marketplace, or places it in the local plugins directory.
3. The SiYuan kernel retrieves and stores the plugin manifest without properly sanitizing the name and version fields.
4. A user opens the SiYuan application and navigates to Settings → Marketplace → Downloaded → Plugins.
5. The SiYuan frontend fetches the plugin metadata, including the unsanitized name and version fields, from the backend.
6. The frontend substitutes the name or version fields into the HTML of the marketplace card list via ${item.preferredName}, ${data.name}, or v${data.version}.
7. The browser parses the malicious HTML, triggering the onerror event of the injected <img> tag.
8. The onerror handler executes require('child_process').exec(...), leading to arbitrary OS command execution under the user’s account.

Impact

Successful exploitation results in arbitrary OS command execution on the victim’s machine with the privileges of the user running the SiYuan application. This allows attackers to steal sensitive information, install malware, or perform other malicious actions. The vulnerability is triggered by simply viewing the marketplace listing, making it a zero-click exploit. The injected payload is visually undetectable due to the use of display:none style, making the attack stealthy. The Bazaar marketplace serves as a low-friction delivery channel.

Recommendation

• Deploy the Sigma rule Detect SiYuan Bazaar XSS via Malicious Plugin Name to detect exploitation attempts by monitoring for img tags with onerror attributes in bazaar package names.
• Deploy the Sigma rule Detect SiYuan Bazaar XSS via Malicious Plugin Version to detect exploitation attempts by monitoring for img tags with onerror attributes in bazaar package versions.
• Upgrade to a patched version of SiYuan that includes proper HTML escaping of package metadata to address CVE-2026-45375.
• Implement the suggested fix by extending the kernel allowlist in kernel/bazaar/package.go to escape the Name, Version, and Keywords fields.
• Apply the secondary fix by calling sanitizePackageDisplayStrings from kernel/bazaar/bazaar.go:48 to ensure consistent sanitization.
• Harden the Electron renderer by enabling contextIsolation: true in app/electron/main.js to limit the impact of future XSS vulnerabilities.