CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-54068

CVE-2026-54068: Unauthenticated Server-Side Template Injection and SQLite Exfiltration in SiYuan PKM

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 11, 2026·5 min read·3 visits

Executive Summary (TL;DR)

An unauthenticated API endpoint in SiYuan PKM before 3.7.0 evaluates user-controlled input using the Go template engine. Remote attackers can leverage registered SQL helper functions to query the underlying SQLite database and exfiltrate notes, credentials, and system metadata.

An authentication bypass in the SiYuan personal knowledge management system before version 3.7.0 exposes a dynamic icon rendering endpoint. This endpoint processes client-supplied Go template directives. By submitting a crafted request, an unauthenticated remote attacker can leverage registered database template functions to execute arbitrary read-only SQL queries and exfiltrate workspace contents.

Vulnerability Overview

The SiYuan personal knowledge management system utilizes a client-server architecture where a Go-based backend (referred to as the kernel) processes internal system tasks and serves API requests. The core application exposes multiple endpoints to manipulate blocks, render views, and serve asset files. Among these endpoints, several are exposed publicly to handle system bootstrap processes and generate transient resources without requiring session validation.\n\nPrior to version 3.7.0, the API endpoint /api/icon/getDynamicIcon was designated as an unauthenticated route in the router configuration. This endpoint is responsible for rendering user-customized SVG files based on specified icon configurations and text formats. Because it lacked session validation, any remote network client with connectivity to the application interface could access this endpoint directly.\n\nThe unauthenticated status of this handler combined with the dynamic template processing logic exposes a significant attack surface. Unauthenticated users are permitted to supply structured query parameters that directly trigger internal compilation components. The subsequent sections explore how this lack of access control allows remote actors to invoke privileged system database actions.

Root Cause Analysis

The underlying flaw stems from the implementation of type 8 (text-based) icon generation in the backend handler. When the query parameter type is set to 8, the endpoint routes control to the generateTypeEightSVG function inside kernel/api/icon.go. This function checks the incoming request parameter content to verify if it contains the string token .action{.\n\nWhen this specific token is detected, the application transfers execution to RenderDynamicIconContentTemplate within the kernel/model/template.go file. This function initializes a Go text/template compilation engine utilizing .action{ and } as the template action delimiters. It maps a set of built-in file system and data access routines directly into the active compilation scope.\n\nThe crucial error is the registration of SQLite database queries in this template engine. The template initialization logic merges internal SQL query helper functions, specifically querySQL and queryBlocks, into the template's executive execution environment. Because the backend does not validate or clean the user-supplied string before parsing, Go compiles and executes the template's functional statements, which includes running any embedded database queries.

Code Analysis

The vulnerability resides in the router registration block in kernel/api/router.go. In affected versions, the API handlers are divided into authenticated and unauthenticated sections. The /api/icon/getDynamicIcon route was grouped with standard unauthenticated endpoints such as the boot progress tracker.\n\ngo\n// Affected Router Registration (kernel/api/router.go)\nginServer.Handle("GET", "/api/icon/getDynamicIcon", getDynamicIcon)\n\n\nThe corresponding patch alters this registration by enforcing the model.CheckAuth middleware. This ensures that any incoming request validates session identifiers before reaching the handler.\n\ngo\n// Patched Router Registration (kernel/api/router.go)\nginServer.Handle("GET", "/api/icon/getDynamicIcon", model.CheckAuth, getDynamicIcon)\n\n\nmermaid\ngraph LR\n Client["Client Request"] --> Router["router.go"]\n Router -- "Unauthenticated (Vulnerable)" --> Handler["getDynamicIcon"]\n Router -- "Authenticated (Patched)" --> Middleware["model.CheckAuth"]\n Middleware -- "Valid Session" --> Handler\n Middleware -- "Invalid Session" --> Denied["401 Unauthorized"]\n Handler --> Template["Template Evaluation"]\n Template --> SQL["SQLite execution via querySQL"]\n

Exploitation Methodology

To exploit this vulnerability, an attacker must craft an HTTP request containing a valid database template statement. The primary prerequisite is discovering a valid block identifier (ID) within the database. Because SiYuan uses block-level notes, block IDs are routinely leaked through shared links, configuration files, or public document structures.\n\nAfter obtaining a valid block ID, the attacker targets the /api/icon/getDynamicIcon endpoint. The attacker sets the type parameter to 8 and the id parameter to the discovered block ID. The critical payload is passed via the content parameter, utilizing the custom template delimiter .action{ followed by the database execution function.\n\nAn example request payload targets the internal database to exfiltrate table contents. By supplying .action{querySQL "SELECT content FROM blocks LIMIT 1"}, the application executes the query against the SQLite backend. The returned string result is placed inside the <text> element of the resulting SVG payload, transferring the confidential data within the image structure to the unauthenticated requester.

Impact Assessment

The security impact is marked as a high confidentiality threat. The SQLite database contains the entirety of the user's workspace, including note content, system configurations, credential blocks, and synchronization metadata. Unauthenticated access allows complete extraction of this database without triggering endpoint logs associated with typical administrative functions.\n\nBecause the action does not modify the underlying database, the integrity and availability impacts are classified as none. The exploit complexity is rated as high because the attacker must first acquire or guess a valid block ID to satisfy the node retrieval check inside RenderDynamicIconContentTemplate. This requirement prevents automated blind scanning from immediately retrieving data unless standard default block configurations are present.\n\nThe vulnerability is tracked under CVE-2026-54068 and GHSA-gcm7-57gf-953c. The CVSS base score of 5.9 reflects the remote capability to read highly sensitive local system data offset by the complexity required to target specific instance files.

Remediation & Detection Guidance

Addressing this issue requires updating the SiYuan application deployment to version 3.7.0 or newer. This update migrates the dynamic icon endpoint behind the core authentication layer. If immediate updates are not possible, administrators should use system firewalls or reverse proxy rules to drop external requests targeting /api/icon/getDynamicIcon.\n\nTo identify vulnerable servers, security teams can execute testing queries that do not require valid block IDs. Sending a GET request to the target dynamic icon endpoint with type 8 will elicit a specific behavior. If the server responds with an HTTP 200 and an SVG image content type, the system is lacking authentication checks and remains vulnerable.\n\nConversely, a secure instance will return a 401 Unauthorized status or redirect the client to the login page. Continuous monitoring of web application logs for unusual queries targeting the dynamic icon URL path helps identify potential reconnaissance and targeted exploitation attempts.

Official Patches

siyuan-noteCore routing fix enforcing authentication

Fix Analysis (1)

Technical Appendix

CVSS Score
5.9/ 10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Probability
0.24%
Top 85% most exploited

Affected Systems

SiYuan Open-Source Personal Knowledge Management System

Affected Versions Detail

Product
Affected Versions
Fixed Version
siyuan
siyuan-note
< 3.7.03.7.0
AttributeDetail
CWE IDCWE-306
Attack VectorNetwork (AV:N)
CVSS Score5.9 (Medium)
EPSS Score0.00239 (Percentile Rank: 14.92%)
ImpactHigh Confidentiality Leakage
Exploit StatusProof-of-Concept
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
CWE-306
Missing Authentication for Critical Function

The product does not perform any authentication for a functionality that requires a proven user identity or is restricted to a specified set of identities.

References & Sources

  • [1]GitHub Security Advisory GHSA-gcm7-57gf-953c

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 2 hours ago•CVE-2026-54069
9.1

CVE-2026-54069: Authentication Bypass in SiYuan Note via Origin Header Spoofing

CVE-2026-54069 is a critical authentication bypass vulnerability in the SiYuan Note personal knowledge management system. The flaw is located in the HTTP server's middleware handling API authorization, which unconditionally trusts requests carrying a 'chrome-extension://' scheme in the Origin HTTP header, granting administrative access without validating API tokens.

Alon Barad
Alon Barad
2 views•5 min read
•about 2 hours ago•CVE-2026-54089
9.1

CVE-2026-54089: Authentication Bypass by Spoofing in File Browser

CVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.

Amit Schendel
Amit Schendel
3 views•7 min read
•about 3 hours ago•GHSA-99J7-FHR2-XFJ4
10.0

GHSA-99J7-FHR2-XFJ4: Malicious Remote Code Execution Payload in 'exploration' Cargo Crate

The malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.

Amit Schendel
Amit Schendel
6 views•6 min read
•about 3 hours ago•CVE-2026-54088
9.3

CVE-2026-54088: Pre-Authentication Remote Code Execution in File Browser Hook Authentication

CVE-2026-54088 is a critical command injection vulnerability in File Browser prior to version 2.63.6. When Hook Authentication is enabled, the application interpolates unsanitized credentials into a shell command, allowing unauthenticated remote code execution.

Alon Barad
Alon Barad
4 views•6 min read
•about 4 hours ago•GHSA-QV4M-M73M-8HJ7
8.8

GHSA-qv4m-m73m-8hj7: Authenticated Arbitrary File Upload leading to Remote Code Execution in NotrinosERP

An authenticated remote code execution vulnerability exists in NotrinosERP (versions up to and including 1.0.0) within the Human Resource Management (HRM) module. Users with employee management permissions can upload arbitrary file types, including PHP scripts, which are written directly to a web-accessible directory. This allows for arbitrary code execution in the context of the web-server user.

Alon Barad
Alon Barad
4 views•6 min read
•about 4 hours ago•GHSA-XRMC-C5CG-RV7X
8.8

GHSA-XRMC-C5CG-RV7X: Security Bypass Vulnerability in safeinstall-cli Command Parser

A high-severity security bypass vulnerability exists in safeinstall-cli up to version 0.10.1. Due to multiple logical limitations in its shell command parsing mechanism (guard-parser), attackers can craft specific shell commands that completely evade the Agent Guard interceptor hooks. This allows arbitrary unverified installations and code executions on the developer system when executed by AI coding agents.

Alon Barad
Alon Barad
4 views•7 min read