
CVE-2026-34453 - SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

CVSS 7.5 · High · EPSS 3.65% · P88

I. Basic Information for CVE-2026-34453

Vulnerability Information


Vulnerability Title
SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
Source: NVD (National Vulnerability Database)
Vulnerability Description
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.
Source: NVD (National Vulnerability Database)
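As an added illustration (not SiYuan's code; the type and function names are hypothetical stand-ins), the fail-open nil-context check the description refers to, beside a fail-closed version that treats a missing context as an anonymous visitor who has unlocked nothing:

```go
package main

import "fmt"

// Block is a constructed stand-in for a SiYuan block; Protected marks that
// its document is configured as Protected for the publish service.
type Block struct {
	ID, DocID string
	Protected bool
}

// PublishContext records which protected documents a visitor has unlocked
// with the publish password (hypothetical; not SiYuan's real type).
type PublishContext struct {
	Unlocked map[string]bool
}

// filterVulnerable mirrors the fail-open logic in the advisory: a nil
// context is treated as "authorized", so the password check is skipped.
func filterVulnerable(ctx *PublishContext, blocks []Block) []Block {
	if ctx == nil {
		return blocks // BUG: caller passed nil, protected blocks leak
	}
	return filterWith(ctx, blocks)
}

// filterFixed fails closed: a nil context is an anonymous visitor who has
// unlocked nothing, so every Protected block is dropped.
func filterFixed(ctx *PublishContext, blocks []Block) []Block {
	if ctx == nil {
		ctx = &PublishContext{}
	}
	return filterWith(ctx, blocks)
}

// filterWith keeps public blocks and protected blocks the visitor unlocked.
func filterWith(ctx *PublishContext, blocks []Block) []Block {
	var out []Block
	for _, b := range blocks {
		if !b.Protected || ctx.Unlocked[b.DocID] { // nil map lookup is false
			out = append(out, b)
		}
	}
	return out
}

func main() {
	blocks := []Block{{"b1", "public", false}, {"b2", "secret", true}}
	fmt.Println(len(filterVulnerable(nil, blocks)), len(filterFixed(nil, blocks))) // 2 1
}
```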
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Incorrect Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Title
SiYuan security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SiYuan is a privacy-first personal knowledge management system open-sourced by SiYuan. Versions of SiYuan prior to 3.6.2 contain a security vulnerability that stems from improper access control over bookmarked blocks in the publish service, which may allow unauthenticated visitors to retrieve content from protected documents.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor: siyuan-note · Product: siyuan · Affected Versions: < 3.6.2 · CPE: -

II. Public POCs for CVE-2026-34453

1. POC Description: SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents; exploit requires access to the publish service.
   Source Link: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-34453.yaml

III. Intelligence Information for CVE-2026-34453


Same Patch Batch · siyuan-note · 2026-03-31 · 5 CVEs total

CVE-2026-34449 · 9.7 CRITICAL · SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection
CVE-2026-34448 · 9.1 CRITICAL · SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary comma
CVE-2026-34585 · 8.6 HIGH · SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
CVE-2026-34605 · SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, una

IV. Related Vulnerabilities
