27 matches found
SiYuan <= 3.6.5 - Unauthenticated Path Traversal
SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...
EUVD-2026-39122
SiYuan: Path Traversal via Double URL Encoding in /assets/path publish mode arbitrary file─read, Incomplete fix of CVE-2026-41894...
CVE-2026-59853
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...
CVE-2026-59853
SiYuan prior to 3.7.1 exposes saved search criteria via /api/storage/getCriteria without publish-access filtering, enabling a publish-mode Reader to read private document paths, notebooks, documents, and block IDs, and to search/replace keywords for unpublished documents. This reflects a data-exp...
CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...
GO-2026-5402 SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel...
GO-2026-5370 SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode in github.com/siyuan-note/siyuan/kernel
SiYuan has broken access control in /api/search/searchAsset,searchTag,searchWidget,searchTemplate publish-mode in github.com/siyuan-note/siyuan/kernel...
CVE-2026-54066
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...
CVE-2026-54066
SiYuan
CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...
PT-2026-52107
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An unauthenticated remote attacker can read arbitrary files within the WorkspaceDir when the system is in publish mode, which is an anonymous read-only HTTP endpoint. This is achieved by using...
CVE-2026-45148
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
CVE-2026-45371
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...
CVE-2026-45371
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...
CVE-2026-45148
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
CVE-2026-45148
SiYuan (open-source personal knowledge management) before v3.7.0 has broken access control in publish-mode, allowing Readers to enumerate metadata across documents via the searchAsset, searchTag, searchWidget, and searchTemplate endpoints. The issue arises when a publish-mode RoleReader accesses ...
CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
EUVD-2026-30353
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
CVE-2026-45371 SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...