CVE-2026-41421 | SiYuan up to 3.6.4 Notification Message pushMsg msg os command injection (GHSA-grjj-6f6g-cq8q)

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability has been found in SiYuan up to 3.6.4 and classified as critical. This affects an unknown part of the file /api/notification/pushMsg of the component Notification Message Handler. The manipulation of the argument msg leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-41421. Local access is required to approach this attack. No exploit exists.

The affected component should be upgraded.

CVE-2026-41421 | SiYuan up to 3.6.4 Notification Message pushMsg msg os command injection (GHSA-grjj-6f6g-cq8q)

Post correlati

CVE-2025-11404 | SourceCodester Hotel and Lodge Management System 1.0 /pages/save_tax.php percentage sql injection

CVE-2025-8519 | givanz Vvveb up to 1.0.5 Drag-and-Drop Editor editor url information disclosure

CVE-2024-20140 | MediaTek MT8532 Power out-of-bounds write (MSV-2020 / ALPS09270402)

CVE-2025-58264 | artbees JupiterX Core Plugin up to 4.10.1 on WordPress cross site scripting