Severity by source
CVSS vector (Vendor: GitHub_M): CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AC:H because a malicious or compromised browser extension must already be installed; PR:N because the kernel requires no authentication (empty AccessAuthCode); full confidentiality, integrity and availability impact to the SiYuan instance, with no scope change.
Primary rating from Vendor (GitHub_M).
Description (CVE.org)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering. This vulnerability is fixed in 3.7.0.
Analysis (AI)
Origin-validation bypass in SiYuan Note (open-source personal knowledge management) before 3.7.0 lets any installed Chrome/Chromium browser extension obtain RoleAdministrator access to the local kernel HTTP server at 127.0.0.1:6806. Because the kernel unconditionally trusts all chrome-extension:// origins and desktop installs ship with an empty AccessAuthCode by default, a malicious or supply-chain-compromised extension can issue fully authenticated admin API calls with no further authentication, enabling data exfiltration, stored XSS injection, and configuration tampering. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Requires a Chrome/Chromium browser extension (malicious, or legitimate-but-compromised via supply chain) installed in a browser on the same host where SiYuan's kernel is running and reachable at 127.0.0.1:6806, with SiYuan version prior to 3.7.0. … |
| Risk Assessment | The vendor CVSS 4.0 vector (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H, score 9.2) reflects full confidentiality/integrity/availability impact to the SiYuan instance with no authentication, but a high attack complexity (AC:H) that captures the real precondition: the attacker must control a browser extension already installed in the victim's browser. … |
| Exploit Scenario | An attacker publishes or compromises (via supply chain) a Chrome extension that the victim already trusts and has installed. When the victim is running SiYuan, the extension silently issues fetch requests to http://127.0.0.1:6806 with its chrome-extension:// origin; the kernel grants administrator rights and the extension reads all notes, alters configuration, or injects stored XSS. … |
| Remediation | Upgrade to SiYuan 3.7.0 or later, which removes the unconditional trust of chrome-extension:// origins (vendor-released patch: 3.7.0); see the advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hvr9-72v2-fff3. … |
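To make the CWE-346 pattern concrete from a defender's side, the following is an added illustration, not SiYuan's kernel code or its actual fix. It contrasts a role check that elevates any request carrying a chrome-extension:// Origin (the defect the advisory describes) with one that never derives authorization from the Origin header, and it adds a small configuration audit for the empty AccessAuthCode default. The role names, the Config struct, the kernelOrigin constant, the "Authorization: Token" header format and the /api/placeholder path are all assumptions made for this example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Role is a constructed stand-in for the kernel's role levels; only the two
// that matter for this comparison are modelled.
type Role int

const (
	RoleVisitor Role = iota
	RoleAdministrator
)

func (r Role) String() string {
	if r == RoleAdministrator {
		return "RoleAdministrator"
	}
	return "RoleVisitor"
}

// Config models the one setting the advisory names: AccessAuthCode, which is
// empty on default desktop installs.
type Config struct {
	AccessAuthCode string
}

// kernelOrigin is the kernel's own origin; the app's own UI is same-origin and is
// the only caller that should ride on an empty auth code. (Assumed value; the
// advisory only gives the listen address.)
const kernelOrigin = "http://127.0.0.1:6806"

// tokenMatches checks an "Authorization: Token <code>" header in constant time.
// The header format is an assumption about the API, not taken from the advisory.
func tokenMatches(cfg Config, r *http.Request) bool {
	got := strings.TrimPrefix(r.Header.Get("Authorization"), "Token ")
	return cfg.AccessAuthCode != "" &&
		subtle.ConstantTimeCompare([]byte(got), []byte(cfg.AccessAuthCode)) == 1
}

// vulnerableRole reproduces the CWE-346 pattern the advisory describes:
// the Origin header alone is enough to elevate the caller to administrator,
// even when an AccessAuthCode is configured.
func vulnerableRole(cfg Config, r *http.Request) Role {
	if strings.HasPrefix(r.Header.Get("Origin"), "chrome-extension://") {
		return RoleAdministrator // trusts every installed extension, no credential needed
	}
	if cfg.AccessAuthCode == "" || tokenMatches(cfg, r) {
		return RoleAdministrator
	}
	return RoleVisitor
}

// hardenedRole never derives a role from Origin. A foreign origin (anything a
// browser context other than the app's own UI sends) is elevated only by a
// valid token, so an empty auth code no longer exposes the kernel to extensions.
func hardenedRole(cfg Config, r *http.Request) Role {
	origin := r.Header.Get("Origin")
	if origin != "" && origin != kernelOrigin {
		if tokenMatches(cfg, r) {
			return RoleAdministrator
		}
		return RoleVisitor
	}
	// Same-origin or non-browser caller: keep the existing local behaviour.
	if cfg.AccessAuthCode == "" || tokenMatches(cfg, r) {
		return RoleAdministrator
	}
	return RoleVisitor
}

// auditConfig reports the configuration state the advisory calls out as the
// second half of the precondition.
func auditConfig(cfg Config) []string {
	var findings []string
	if cfg.AccessAuthCode == "" {
		findings = append(findings, "AccessAuthCode is empty: kernel accepts unauthenticated requests")
	}
	return findings
}

// newRequest builds a constructed request to the kernel with optional Origin and token.
func newRequest(origin, token string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, kernelOrigin+"/api/placeholder", nil) // placeholder path
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	if token != "" {
		r.Header.Set("Authorization", "Token "+token)
	}
	return r
}

func main() {
	def := Config{}                                                                   // default desktop install
	ext := newRequest("chrome-extension://abcdefghijklmnopabcdefghijklmnop", "") // constructed extension id
	fmt.Println("extension, vulnerable:", vulnerableRole(def, ext))
	fmt.Println("extension, hardened:  ", hardenedRole(def, ext))
	fmt.Println("findings:", auditConfig(def))
}
```

The design point is that an Origin header is an identity claim made by the caller's browser context, not a credential: it can tell the server who is asking (useful for CORS and for logging) but must never be the thing that grants a role. The hardened check also makes the empty-auth-code default visible as an audit finding rather than silently equating it with "local, therefore trusted".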
Recommended Action (AI)
Within 24 hours: identify all SiYuan Note installations in your environment and document their current versions. …
Related SiYuan vulnerabilities
- SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code ex
- Reflected XSS in SiYuan knowledge management before 3.5.9.
- SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file ope
- SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to
- Cross-site scripting (XSS) in SiYuan personal knowledge management system versions 3.6.0-3.6.1 allows remote attackers t
- Arbitrary file disclosure in SiYuan personal knowledge management system before 3.7.0 lets an unauthenticated remote att
- Remote attackers can read arbitrary files from SiYuan servers (versions prior to 3.5.4) by exploiting server-side HTML r
- Unauthenticated attackers can read sensitive configuration files from SiYuan knowledge management systems prior to versi
- Unauthenticated information disclosure in SiYuan personal knowledge management system versions before 3.6.2 allows remot
- SiYuan knowledge management system versions before 3.5.4 allow authenticated users to copy arbitrary files from the serv
- Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows attackers to inject malicious JavaScript through unes
- SiYuan's SVG sanitizer fails to properly filter malicious href attributes when whitespace characters are inserted into j
Same weakness: CWE-346 – Origin Validation Error
EUVD-2026-39125