Jul 11, 2026·5 min read·2 visits
A flaw in SiYuan Note's authorization middleware permits remote and local attackers to bypass authentication entirely by presenting a crafted Origin header starting with 'chrome-extension://'.
CVE-2026-54069 is a critical authentication bypass vulnerability in the SiYuan Note personal knowledge management system. The flaw is located in the HTTP server's middleware handling API authorization, which unconditionally trusts requests carrying a 'chrome-extension://' scheme in the Origin HTTP header, granting administrative access without validating API tokens.
SiYuan Note is a privacy-first, open-source personal knowledge management system. It relies on a local or remote backend kernel developed in Go, which hosts an HTTP API server on port 6806 by default. This backend handles data storage, configuration management, and integration with frontends, mobile devices, and browser extensions.\n\nThe attack surface is centered on the /api/* endpoints managed by the kernel. Under normal operations, these endpoints are protected by token-based authentication via the AccessAuthCode parameter. However, to facilitate integration with web clippers and browser extensions, the authorization middleware incorporates special handling for the standard browser origin headers.
The root cause of CVE-2026-54069 is an origin validation error categorized as CWE-346. Within the Go backend implementation of the CheckAuth middleware, incoming requests are analyzed for authorization before processing. To permit browser-extension-initiated requests, the developers implemented an explicit rule validating the Origin HTTP header.\n\ngo\n// Conceptual representation of the vulnerable authorization check\nfunc CheckAuth(c *gin.Context) {\n origin := c.GetHeader(\"Origin\")\n \n // VULNERABLE LOGIC: Blanket prefix matching on the Origin header\n if strings.HasPrefix(origin, \"chrome-extension://\") {\n c.Set(\"role\", RoleAdministrator)\n c.Next()\n return\n }\n \n // Regular API key check follows...\n}\n\n\nThis check fails in two critical ways. First, it relies on a simplistic prefix match (strings.HasPrefix) rather than checking the extension's unique cryptographic identifier against a strict allowlist. Second, it trusts a client-supplied HTTP header (Origin) over an open TCP connection. While browsers restrict the modification of the Origin header, external tools (such as Python scripts, curl, or custom network clients) can set this header to any arbitrary value, bypassing the browser-enforced security model.
The vulnerable code path is triggered during any incoming HTTP request to the /api/* endpoint space. The middleware inspects the request headers, extracts the Origin value, and evaluates the string prefix. If the prefix matches chrome-extension://, the middleware injects administrative privileges (RoleAdministrator) into the request context and skips further credential validation.\n\nIn version 3.7.0, the patch remediates this security flaw by removing the blanket, unauthenticated authorization of the chrome-extension:// prefix. The updated logic requires browser extensions to supply a valid API key or explicitly configured authorization token, bringing extension communications in line with standard API authentication mechanisms. This architectural change ensures that client-side headers cannot be manipulated to achieve authorization bypass over the network.
Exploitation of CVE-2026-54069 can occur via two primary vectors: remote network exploitation and local cross-origin exploitation.\n\n### Remote Network Attack\nIf the SiYuan Note instance binds to 0.0.0.0 or has port 6806 exposed to the network, an unauthenticated attacker can execute administrative actions directly using command-line utility tools. For example, the following curl command retrieves the system configuration by spoofing the Origin header:\n\nbash\ncurl -X POST http://127.0.0.1:6806/api/system/getConf \\\n -H \"Origin: chrome-extension://bypass-auth\" \\\n -H \"Content-Type: application/json\" \\\n -d '{}'\n\n\n### Local Extension / Supply Chain Attack\nOn standard desktop installations where the application binds strictly to 127.0.0.1, remote exploitation is blocked. However, a malicious or compromised browser extension running within the user's browser context can make cross-origin requests to http://127.0.0.1:6806/api/*. Since the browser automatically appends the extension's true origin (e.g., chrome-extension://[extension_id]), the vulnerable kernel trusts the request, allowing silent exfiltration of all private notes and settings.
The impact of this vulnerability is classified as critical, with a CVSS v3.1 score of 9.1 and CVSS v4.0 score of 9.2. An administrative session grants unlimited access to the API endpoints exposed by the Go kernel, leading to complete compromise of confidentiality, integrity, and availability.\n\n### Impact Matrix\n* Confidentiality: High. Attackers can read, download, and exfiltrate all stored markdown notes, passwords, configuration parameters, and files via endpoints like /api/file/getFile.\n* Integrity: High. Adversaries can inject, delete, or modify local files, notes, and preferences. This allows the insertion of stored Cross-Site Scripting (XSS) payloads which can execute when the notes are viewed in the Electron desktop wrapper, potentially resulting in complete system compromise.\n* Availability: High. Attackers can delete workspaces, alter critical paths, or modify configuration values, leading to application crashes and severe data loss.
The definitive solution for CVE-2026-54069 is upgrading to SiYuan Note version 3.7.0 or later, which contains the authorization patch. If immediate patching is not feasible, several defensive controls must be applied to limit exposure:\n\n1. Bind to Localhost: Verify that the application kernel is configured to listen exclusively on loopback interfaces (127.0.0.1 or ::1) rather than wildcard interfaces (0.0.0.0). This prevents remote network-based exploitation.\n2. Isolate Browser Environments: Run the desktop client on systems with a restricted browser profile, ensuring no malicious or untrusted browser extensions are active that could make local cross-origin API calls.\n3. Network Filtering: Implement host-level firewall rules to drop unsolicited incoming traffic on TCP port 6806.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N| Product | Affected Versions | Fixed Version |
|---|---|---|
SiYuan Note siyuan-note | < 3.7.0 | 3.7.0 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-346 |
| Attack Vector | Network |
| CVSS Score | 9.1 (Critical) |
| EPSS Score | 0.00607 |
| Exploit Status | poc |
| KEV Status | Not Listed |
The software does not properly validate or restrict the origin of requests, allowing unauthorized entities to perform security-sensitive actions.
An authentication bypass in the SiYuan personal knowledge management system before version 3.7.0 exposes a dynamic icon rendering endpoint. This endpoint processes client-supplied Go template directives. By submitting a crafted request, an unauthenticated remote attacker can leverage registered database template functions to execute arbitrary read-only SQL queries and exfiltrate workspace contents.
CVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.
The malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.
CVE-2026-54088 is a critical command injection vulnerability in File Browser prior to version 2.63.6. When Hook Authentication is enabled, the application interpolates unsanitized credentials into a shell command, allowing unauthenticated remote code execution.
An authenticated remote code execution vulnerability exists in NotrinosERP (versions up to and including 1.0.0) within the Human Resource Management (HRM) module. Users with employee management permissions can upload arbitrary file types, including PHP scripts, which are written directly to a web-accessible directory. This allows for arbitrary code execution in the context of the web-server user.
A high-severity security bypass vulnerability exists in safeinstall-cli up to version 0.10.1. Due to multiple logical limitations in its shell command parsing mechanism (guard-parser), attackers can craft specific shell commands that completely evade the Agent Guard interceptor hooks. This allows arbitrary unverified installations and code executions on the developer system when executed by AI coding agents.