CVE-2026-34453
Unauthorized Access in SiYuan Publish Service Exposes Protected Content

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.
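To show the fail-open pattern the description names beside its fail-closed counterpart, here is an added Go illustration that is not SiYuan's own code: the Block and PublishCtx types, the protectedDocs map and the sample blocks are all constructed for this example and do not reflect SiYuan's real types or API.

```go
package main

import "fmt"

// Block is a constructed stand-in for a SiYuan content block.
type Block struct{ ID, DocID, Content string }

// PublishCtx is a hypothetical per-request context recording which
// Protected documents the visitor unlocked with the publish password.
type PublishCtx struct{ UnlockedDocs map[string]bool }

// Constructed sample data standing in for the publish configuration.
var protectedDocs = map[string]bool{"doc-secret": true}

// filterVulnerable mirrors the flaw in the advisory: a nil context is
// treated as authorized, so the password check is skipped entirely.
func filterVulnerable(ctx *PublishCtx, blocks []Block) []Block {
	if ctx == nil {
		return blocks // fails open
	}
	return filterWithCtx(ctx, blocks)
}

// filterFixed fails closed: a nil context means an unauthenticated
// visitor, so blocks from Protected documents are dropped.
func filterFixed(ctx *PublishCtx, blocks []Block) []Block {
	if ctx == nil {
		ctx = &PublishCtx{UnlockedDocs: map[string]bool{}}
	}
	return filterWithCtx(ctx, blocks)
}

// filterWithCtx keeps a block unless its document is Protected and not unlocked.
func filterWithCtx(ctx *PublishCtx, blocks []Block) []Block {
	out := []Block{}
	for _, b := range blocks {
		if protectedDocs[b.DocID] && !ctx.UnlockedDocs[b.DocID] {
			continue
		}
		out = append(out, b)
	}
	return out
}

func main() {
	blocks := []Block{{"b1", "doc-public", "hello"}, {"b2", "doc-secret", "private"}}
	fmt.Println(len(filterVulnerable(nil, blocks)), len(filterFixed(nil, blocks))) // prints "2 1"
}
```

The same walk over the blocks is shared by both filters; only the handling of a missing context differs, which is the point: an absent authorization context must mean "not authorized", never "authorized".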
Meta Information
Published: 2026-03-31
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-04-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: b3log
Product: siyuan
Version / Range: up to 3.6.2 (excluding 3.6.2)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects SiYuan, a personal knowledge management system, in versions prior to 3.6.2. The issue occurs in the publish service, which exposes bookmarked blocks from password-protected documents to unauthenticated visitors. Specifically, when the system is in publish/read-only mode, the function responsible for filtering bookmarks treats a nil context as authorized, thereby skipping the password check for protected documents. As a result, anyone accessing the publish service can retrieve content from these protected documents without needing the password, provided that at least one block in the document is bookmarked.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive information stored in password-protected documents. Since protected content can be accessed without authentication if it contains bookmarked blocks, confidential or private data may be exposed to anyone with access to the publish service. This could result in data breaches, loss of privacy, and potential misuse of the exposed information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade SiYuan to version 3.6.2 or later, where the issue has been patched.

Until the upgrade is applied, restrict access to the publish service to trusted users only to prevent unauthenticated visitors from retrieving bookmarked blocks from protected documents.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthorized access to bookmarked blocks from password-protected documents, potentially exposing sensitive or protected information without authentication.

Such unauthorized data exposure could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over access to personal or sensitive information.

However, the provided information does not explicitly state the impact on compliance with these standards.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the SiYuan publish service exposing bookmarked blocks from password-protected documents without authentication prior to version 3.6.2.

To detect if your system is vulnerable, you can attempt to access the publish service's bookmark API endpoint without authentication and check if bookmarked content from protected documents is returned.

For example, you can use the following command to test the vulnerability:

  • curl -s http://<si_yuan_host>/api/bookmark/getBookmark

If the response includes bookmarked blocks from documents that should be password-protected, your system is vulnerable.

Note that this test should be performed in a controlled environment and with proper authorization.

