CVE-2026-34453
Received Received - Intake
Unauthorized Access in SiYuan Publish Service Exposes Protected Content

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34453
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
b3log siyuan to 3.6.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SiYuan, a personal knowledge management system, in versions prior to 3.6.2. The issue occurs in the publish service, which exposes bookmarked blocks from password-protected documents to unauthenticated visitors. Specifically, when the system is in publish/read-only mode, the function responsible for filtering bookmarks treats a nil context as authorized, thereby skipping the password check for protected documents. As a result, anyone accessing the publish service can retrieve content from these protected documents without needing the password, provided that at least one block in the document is bookmarked.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information stored in password-protected documents. Since protected content can be accessed without authentication if it contains bookmarked blocks, confidential or private data may be exposed to anyone with access to the publish service. This could result in data breaches, loss of privacy, and potential misuse of the exposed information.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade SiYuan to version 3.6.2 or later, where the issue has been patched.

Until the upgrade is applied, restrict access to the publish service to trusted users only to prevent unauthenticated visitors from retrieving bookmarked blocks from protected documents.

Compliance Impact

This vulnerability allows unauthorized access to bookmarked blocks from password-protected documents, potentially exposing sensitive or protected information without authentication.

Such unauthorized data exposure could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over access to personal or sensitive information.

However, the provided information does not explicitly state the impact on compliance with these standards.

Detection Guidance

This vulnerability involves the SiYuan publish service exposing bookmarked blocks from password-protected documents without authentication prior to version 3.6.2.

To detect if your system is vulnerable, you can attempt to access the publish service's bookmark API endpoint without authentication and check if bookmarked content from protected documents is returned.

For example, you can use the following command to test the vulnerability:

  • curl -s http://<si_yuan_host>/api/bookmark/getBookmark

If the response includes bookmarked blocks from documents that should be password-protected, your system is vulnerable.

Note that this test should be performed in a controlled environment and with proper authorization.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34453. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart