Listen to this Post
How the mentioned CVE works:
The vulnerability stems from eight API endpoints registered with only `model.CheckAuth` in kernel/api/router.go, omitting `model.CheckAdminRole` and model.CheckReadonly. Endpoints: /api/graph/getGraph, /api/graph/getLocalGraph, /api/sync/setSyncInterval, /api/storage/updateRecentDocViewTime, /api/storage/updateRecentDocCloseTime, /api/storage/updateRecentDocOpenTime, /api/storage/batchUpdateRecentDocCloseTime, /api/search/updateEmbedBlock. Any authenticated JWT (including publish‑mode `RoleReader` – anonymous visitor – or `RoleEditor` with Editor.ReadOnly=true) can invoke them. Despite “get” verbs, `getGraph` and `getLocalGraph` overwrite `model.Conf.Graph.Global` and `Local` with caller‑supplied JSON, then call model.Conf.Save(), atomically rewriting <workspace>/conf/conf.json. `setSyncInterval` writes `Conf.Sync.Interval` (clamped 30–43200 seconds), persists via Save(), and reschedules sync, allowing 30s hammering or 12h pause. `updateEmbedBlock` calls `model.UpdateEmbedBlock` → updateEmbedBlockContent, which directly updates the SQL `blocks.content` column for any embed‑block ID without publish‑access checks, poisoning search results. Four `updateRecentDoc` functions rewrite the workspace recent‑docs JSON, letting a reader insert any `rootID` (including private notebooks) into the admin’s UI. This is the same root‑cause class as patched GHSA‑6r88‑8v7q‑q4p2 and GHSA‑4j3x‑hhg2‑fm2x. The fix requires adding `model.CheckAdminRole` and `model.CheckReadonly` to each affected `ginServer.Handle` call.
Platform: SiYuan Note
Version: v3.6.5 (up to)
Vulnerability: Auth bypass, config/sql write
Severity: Critical
date: 2026-05-13
Prediction: 2026-05-20
What Undercode Say:
Check missing role gates in router
grep -nE 'ginServer.Handle.(getGraph|getLocalGraph|setSyncInterval|updateEmbedBlock|updateRecentDoc|batchUpdateRecentDocCloseTime)' kernel/api/router.go | grep -vE 'CheckAdminRole|CheckReadonly'
PoC: Set sync interval to 30s as Reader
curl -s -b /tmp/sy.cookie -X POST http://127.0.0.1:6806/api/sync/setSyncInterval -H 'Content-Type: application/json' -d '{"interval":30}'
PoC: Overwrite graph config
curl -s -b /tmp/sy.cookie -X POST http://127.0.0.1:6806/api/graph/getGraph -H 'Content-Type: application/json' -d '{"k":"","conf":{"minRefs":99,"maxBlocks":1}}'
PoC: Poison embed block content
curl -s -b /tmp/sy.cookie -X POST http://127.0.0.1:6806/api/search/updateEmbedBlock -H 'Content-Type: application/json' -d '{"id":"<embed-block-id>","content":"poisoned"}'
Verify conf.json rewrite
docker exec siyuan grep -oE '\"minRefs\":[0-9]+' /siyuan/workspace/conf/conf.json
Exploit:
- Authenticate as any `CheckAuth` role (e.g., publish visitor using
authCode). - Call `setSyncInterval` to force 30s sync or 43200s pause.
- Call
getGraph/getLocalGraphwith malicious `conf` to corrupt graph rendering. - Call `updateEmbedBlock` with an existing embed‑block ID to inject poisoned content into SQL index.
- Call `updateRecentDocViewTime` etc. with arbitrary `rootID` to manipulate admin’s recent docs list and disclose private notebook IDs.
Protection from this CVE
- Upgrade to patched version once available (adds
CheckAdminRole+CheckReadonlyto the eight endpoints). - Until patch, block the affected API paths at reverse proxy level (e.g.,
location ~ ^/api/(graph/getGraph|graph/getLocalGraph|sync/setSyncInterval|search/updateEmbedBlock|storage/updateRecentDoc) { deny all; }). - Run SiYuan with `Editor.ReadOnly=true` workspaces behind a trusted network, and disable anonymous publish‑mode if not required.
- Monitor `conf.json` and SQL `blocks.content` for unexpected changes.
Impact
- Remote unauthenticated (publish‑mode) attacker can rewrite entire workspace configuration, corrupt graph visualisation, pause or overload cloud sync, poison search results visible to all users, and leak private notebook IDs into recent‑docs UI.
- Race conditions with legitimate admin saves may cause permanent config loss.
- Denial of service via 30s sync hammering (battery/bandwidth) or 12h sync pause leading to data divergence.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

