SSRF in Siyuan-note Siyuan
CVE-2026-40107
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.001 (19.1th percentile)
Affected products
- Siyuan-note Siyuan — versions < 3.6.4
Weakness classification (CWE)
References
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w95v-4h65-j455 (x_refsource_CONFIRM)