6 matches found
SUSE CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission checks for the /api/block/appendHeadingChildren API endpoint, which could...
CVE-2026-30926
Technical details about CVE-2026-30926 are not provided in the connected documents. The initial description contains specifics, but the connected SUSE/PTSecurity updates do not elaborate on affected products or impact. Monitor for official advisories.
GHSA-F9CQ-V43P-V523 SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
Summary A privilege escalation vulnerability exists in the publish service of SiYuan Note that allows a low-privilege publish account RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint only requires model.CheckAuth, which accepts RoleReader...
EUVD-2026-10393
SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren...
PT-2026-24116
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description A privilege escalation issue exists in the publish service of SiYuan Note. A low-privilege publish account RoleReader can modify notebook content through the /api/block/appendHeadingChildren API...