CVE-2026-45148— SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45148
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
Source: NVD (National Vulnerability Database)
Vulnerability Description
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in 3.7.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| siyuan-note | siyuan | < 3.7.0 | - |
II. Public POCs for CVE-2026-45148
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45148
请登录查看更多情报信息。
Same Patch Batch · siyuan-note · 2026-05-14 · 7 CVEs total
| CVE-2026-45375 | 9.0 CRITICAL | SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowi |
| CVE-2026-44586 | 8.3 HIGH | SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Ele |
| CVE-2026-45147 | 4.3 MEDIUM | SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.T |
| CVE-2026-45371 | SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | |
| CVE-2026-44670 | SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan | |
| CVE-2026-44588 | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into |
IV. Related Vulnerabilities
Same product: siyuan
- CVE-2026-44670
SiYuan: Stored XSS via Attribute View name to Electron rende - CVE-2026-44588
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decode - CVE-2026-45147
SiYuan: Broken access control in SiYuan `/api/tag/getTag` — - CVE-2026-45371
SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL i - CVE-2026-45375
SiYuan: Bazaar marketplace renders unescaped package `name`
Same vendor: siyuan-note
- CVE-2026-44670
SiYuan: Stored XSS via Attribute View name to Electron rende - CVE-2026-44588
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decode - CVE-2026-45147
SiYuan: Broken access control in SiYuan `/api/tag/getTag` — - CVE-2026-45371
SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL i - CVE-2026-45375
SiYuan: Bazaar marketplace renders unescaped package `name`
Same weakness: CWE-863
- CVE-2026-44633
Live Helper Chat: REST API chat update accepts arbitrary cha - CVE-2025-15023
Improper Access Control in Yordam Informatics' Library Autom - CVE-2026-44283
etcd: Read access via PrevKv in etcd transactions may bypass - CVE-2026-41888
Distribution: Tag deletion bypasses `storage.delete.enabled` - CVE-2026-44374
Backstage: Catalog unprocessed read endpoints allow authenti
V. Comments for CVE-2026-45148
No comments yet