2 matches found
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
CVE-2026-30926
creationtimestamp| type| source ---|---|--- 2026-03-07 02:16:33+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523...