CVE-2026-34453: CWE-863: Incorrect Authorization in siyuan-note siyuan
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.
AI Analysis
Technical Summary
SiYuan versions before 3.6.2 contain an authorization bypass vulnerability (CWE-863) in the publish service's handling of bookmarked blocks. Specifically, the API endpoint /api/bookmark/getBookmark uses a filter function that, when given a nil context, skips the password protection check on documents marked as Protected. Consequently, unauthenticated users can retrieve bookmarked content from password-protected documents if any block within is bookmarked. This vulnerability has been patched in version 3.6.2.
Potential Impact
The vulnerability allows unauthenticated remote attackers to access confidential content from password-protected documents via the publish service, resulting in a confidentiality breach. There is no impact on integrity or availability. The CVSS 3.1 base score is 7.5 (high), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact.
Mitigation Recommendations
Upgrade SiYuan to version 3.6.2 or later, where this authorization bypass vulnerability has been fixed. No additional mitigation is required once the official patch is applied. Patch status is confirmed by the vendor advisory indicating the issue is resolved in version 3.6.2.
CVE-2026-34453: CWE-863: Incorrect Authorization in siyuan-note siyuan
Description
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SiYuan versions before 3.6.2 contain an authorization bypass vulnerability (CWE-863) in the publish service's handling of bookmarked blocks. Specifically, the API endpoint /api/bookmark/getBookmark uses a filter function that, when given a nil context, skips the password protection check on documents marked as Protected. Consequently, unauthenticated users can retrieve bookmarked content from password-protected documents if any block within is bookmarked. This vulnerability has been patched in version 3.6.2.
Potential Impact
The vulnerability allows unauthenticated remote attackers to access confidential content from password-protected documents via the publish service, resulting in a confidentiality breach. There is no impact on integrity or availability. The CVSS 3.1 base score is 7.5 (high), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact.
Mitigation Recommendations
Upgrade SiYuan to version 3.6.2 or later, where this authorization bypass vulnerability has been fixed. No additional mitigation is required once the official patch is applied. Patch status is confirmed by the vendor advisory indicating the issue is resolved in version 3.6.2.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-27T18:18:14.895Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cc424fe6bfc5ba1d44f4be
Added to database: 3/31/2026, 9:53:19 PM
Last enriched: 4/8/2026, 2:04:55 AM
Last updated: 5/16/2026, 4:12:40 AM
Views: 95
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.