Vulnerability Description
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.
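The following Go example, added here and not taken from SiYuan's code base, models the authorization gap the advisory describes: a middleware chain where the write endpoint is guarded only by an authentication check that admits read-only sessions, beside the hardened chain that adds a read-only check in front of the write handler. The role names, the X-Session-Role header and the stand-in handlers are assumptions made for the demo; they mirror the role of model.CheckAuth and model.CheckReadonly named on the page rather than reproducing them.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)
// checkAuth stands in for model.CheckAuth as the advisory describes it: any known session
// role, read-only "reader" included, passes. Role comes from a constructed X-Session-Role header (demo assumption).
func checkAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Header.Get("X-Session-Role") {
		case "admin", "editor", "reader":
			next.ServeHTTP(w, r)
		default:
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
		}
	})
}
// checkReadonly is the stricter check the endpoint lacked: reject writes from "reader".
func checkReadonly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Session-Role") == "reader" {
			http.Error(w, "read-only session", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
// appendHandler stands in for the real block-append logic and only reports success.
func appendHandler(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("appended")) }
// Route chains the checks: the vulnerable shape is checkAuth only; hardened adds checkReadonly before the write.
func Route(hardened bool) http.Handler {
	var write http.Handler = http.HandlerFunc(appendHandler)
	if hardened {
		write = checkReadonly(write)
	}
	return checkAuth(write)
}
// CallAppend sends a constructed append request as the given role and returns the status code.
func CallAppend(h http.Handler, role string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/block/appendHeadingChildren", strings.NewReader(`{"parentID":"constructed"}`))
	req.Header.Set("X-Session-Role", role)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
func main() {
	fmt.Println(CallAppend(Route(false), "reader"), CallAppend(Route(true), "reader")) // 200 403
}
```

A reader session gets 200 from the vulnerable chain and 403 from the hardened one; an unauthenticated request is rejected with 401 by both.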
CVSS Score
7.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| B3Log | Siyuan | < 3.5.10 |
Related Weaknesses (CWE)
References
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f9cq-v43p-v523 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-30926?
CVE-2026-30926 is a vulnerability with a CVSS score of 7.1 (HIGH). SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleRea...
How severe is CVE-2026-30926?
CVE-2026-30926 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2026-30926?
Check the references section above for vendor advisories and patch information. Affected products include: B3Log Siyuan.