CVE-2026-59833 - SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)
CVE ID :CVE-2026-59833 Published : July 9, 2026, 11:17 p.m. | 1 hour, 15 minutes ago Description :SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's...