CVE-2026-30926

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523	Exploit Vendor Advisory
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-10 07:44

Updated : 2026-03-13 17:06

NVD link : CVE-2026-30926

Mitre link : CVE-2026-30926

CVE.ORG link : CVE-2026-30926

JSON object : View

Products Affected

b3log

siyuan

CWE

CWE-284

Improper Access Control

CWE-862

Missing Authorization

{"id": "CVE-2026-30926", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-10T07:44:56.943", "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. Anteriormente a la 3.5.10, existe una vulnerabilidad de escalada de privilegios en el servicio de publicaci\u00f3n de SiYuan Note que permite a las cuentas de publicaci\u00f3n de bajo privilegio (RoleReader) modificar el contenido del cuaderno a trav\u00e9s del endpoint de la API /api/block/appendHeadingChildren. El endpoint requiere solo el rol model.CheckAuth, que acepta sesiones de RoleReader, pero no aplica comprobaciones m\u00e1s estrictas, como CheckAdminRole o CheckReadonly. Esto permite a los usuarios de publicaci\u00f3n remotos autenticados con privilegios de solo lectura a\u00f1adir nuevos bloques a documentos existentes, comprometiendo la integridad de las notas almacenadas."}], "lastModified": "2026-03-13T17:06:54.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E7B145F-4786-4534-B4D6-A947F4CD06FE", "versionEndExcluding": "3.5.10"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}