CVE-2026-45148— SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| siyuan-note | siyuan | < 3.7.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45148
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
Source: NVD (National Vulnerability Database)
Vulnerability Description
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in 3.7.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| siyuan-note | siyuan | < 3.7.0 | - |
II. Public POCs for CVE-2026-45148
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45148
请登录查看更多情报信息。
Same Patch Batch · siyuan-note · 2026-05-14 · 7 CVEs total
| CVE-2026-45375 | 9.0 CRITICAL | SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowi |
| CVE-2026-44586 | 8.3 HIGH | SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Ele |
| CVE-2026-45147 | 4.3 MEDIUM | SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.T |
| CVE-2026-45371 | SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | |
| CVE-2026-44670 | SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan | |
| CVE-2026-44588 | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into |
IV. Related Vulnerabilities
Same product: siyuan
- CVE-2026-44670
SiYuan: Stored XSS via Attribute View name to Electron rende - CVE-2026-44588
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decode - CVE-2026-45147
SiYuan: Broken access control in SiYuan `/api/tag/getTag` — - CVE-2026-45371
SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL i - CVE-2026-45375
SiYuan: Bazaar marketplace renders unescaped package `name`
Same vendor: siyuan-note
- CVE-2026-44670
SiYuan: Stored XSS via Attribute View name to Electron rende - CVE-2026-44588
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decode - CVE-2026-45147
SiYuan: Broken access control in SiYuan `/api/tag/getTag` — - CVE-2026-45371
SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL i - CVE-2026-45375
SiYuan: Bazaar marketplace renders unescaped package `name`
Same weakness: CWE-863
- CVE-2026-45316
Open WebUI: Read-Only Users Can Toggle Note Pin Status via I - CVE-2026-44567
Open WebUI: Open WebUI Improper Authorization Control - CVE-2026-45672
Open WebUI: Jupyter code execution works despite `ENABLE_COD - CVE-2026-44557
Open WebUI: Global Knowledge Base Enumeration via knowledge- - CVE-2026-44561
Open WebUI: Deactivated Channel Members Retain Full Access t
V. Comments for CVE-2026-45148
No comments yet