EUVD-2026-30353

🗓️ 14 May 2026 18:19:31Reported by EUVDType

Before 3.7.0, readers could enumerate hidden metadata due to broken access control in search features.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2026-45148	8 May 202603:05	–	circl
CNNVD	SiYuan 安全漏洞	14 May 202600:00	–	cnnvd
CVE	CVE-2026-45148	14 May 202618:19	–	cve
Cvelist	CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata	14 May 202618:19	–	cvelist
Github Security Blog	SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode	13 May 202615:33	–	github
NVD	CVE-2026-45148	14 May 202619:16	–	nvd
OSV	GHSA-FMH9-GPQH-G53G SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode	13 May 202615:33	–	osv
Positive Technologies	PT-2026-40727	13 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-45148	15 May 202619:57	–	redhatcve
Vulnrichment	CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata	14 May 202618:19	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "62d9b0e7-9dd2-3523-91ec-d7f3a5ee9c21",
        "vendor": {
          "name": "siyuan-note"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3763f7e1-fc01-3000-a05c-3e9dad7fb0a2",
        "product": {
          "name": "SiYuan"
        },
        "product_version": "< 3.7.0"
      },
      {
        "id": "febeed73-994c-35e6-851b-ed53a1c7415e",
        "product": {
          "name": "SiYuan"
        },
        "product_version": "< 3.7.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/siyuan-note/siyuan/security/advisories/GHSA-fmh9-gpqh-g53g

14 May 2026 18:19Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.3

EPSS0.00221