CVE-2026-30926— SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-30926
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
Source: NVD (National Vulnerability Database)
Vulnerability Description
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
SiYuan 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 3.5.10之前版本存在安全漏洞,该漏洞源于/api/block/appendHeadingChildren API端点权限检查不足,可能导致低权限发布账户修改笔记本内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| siyuan-note | siyuan | < 3.5.10 | - |
II. Public POCs for CVE-2026-30926
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-30926
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: siyuan
- CVE-2026-41894
SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Trave - CVE-2026-41421
SiYuan Desktop Notification XSS Leads to Electron RCE - CVE-2026-40922
SiYuan: Incomplete sanitization of bazaar README allows stor - CVE-2026-40322
SiYuan: Mermaid `javascript:` Link Injection Leads to Stored - CVE-2026-40318
SiYuan: Publish Reader Path Traversal Delete via `removeUnus
Same vendor: siyuan-note
- CVE-2026-41894
SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Trave - CVE-2026-41421
SiYuan Desktop Notification XSS Leads to Electron RCE - CVE-2026-40922
SiYuan: Incomplete sanitization of bazaar README allows stor - CVE-2026-40322
SiYuan: Mermaid `javascript:` Link Injection Leads to Stored - CVE-2026-40318
SiYuan: Publish Reader Path Traversal Delete via `removeUnus
Same weakness: CWE-284
- CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets - CVE-2026-41646
Nuclei: Local File Read via require() Module Loader Bypass - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2026-30926
No comments yet