NIXPKGS-2026-0596

GitHub issue published on

Permalink CVE-2026-30926

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 4 weeks ago by @mweinelt Activity log

Created automatic suggestion 4 weeks, 2 days ago
@mweinelt accepted 4 weeks ago
@mweinelt published on GitHub 4 weeks ago

SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523 x_refsource_CONFIRM

Affected products

siyuan

==< 3.5.10

Matching in nixpkgs

pkgs.siyuan

Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync

nixos-unstable 3.5.8
- nixpkgs-unstable 3.5.8
- nixos-unstable-small 3.5.8
nixos-25.11 3.5.4
- nixos-25.11-small 3.5.4
- nixpkgs-25.11-darwin 3.5.4

Package maintainers

@TomaSajt TomaSajt
@L-Trump Luo Chen <ltrump@163.com>

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0596

References

Affected products

Matching in nixpkgs

pkgs.siyuan

Package maintainers