CVE-2026-34453 in SiYuanИнформация

Сводка (Английский)

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

GitHub_M

Резервировать

27.03.2026

Раскрытие

01.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИДУязвимостьCWEЭксКонCVE
354572SiYuan Publish Service эскалация привилегий863Не определеноОфициальное исправлениеCVE-2026-34453

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

ПредыдущийОбзорДалее

Might our Artificial Intelligence support you?

Check our Alexa App!