Executive Summary
A high-severity authorization bypass vulnerability (CVE-2026-40259) has been disclosed in SiYuan, a popular open-source personal knowledge management system. The flaw affects versions 3.6.3 and below and allows attackers holding low-privileged publish-service RoleReader tokens to call the /api/av/removeUnusedAttributeView endpoint — an API that is intended to be restricted to administrative roles.
CVSS Score: 8.1 (High)
The affected endpoint passes a caller-controlled id parameter directly into an internal model function without sufficient authorization enforcement, enabling unauthorized data manipulation within the knowledge base.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-40259 |
| CVSS Score | 8.1 (High) |
| Type | Authorization Bypass / Improper Access Control |
| Attack Vector | Network |
| Privileges Required | Low (RoleReader publish-service token) |
| User Interaction | None |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | None |
| Patch Available | Apply update — upgrade beyond version 3.6.3 |
Affected Products
| Product | Affected Versions | Remediation |
|---|---|---|
| SiYuan | 3.6.3 and below | Upgrade to the latest patched release |
Technical Analysis
Root Cause
The /api/av/removeUnusedAttributeView endpoint in SiYuan is protected only by the platform's generic authentication layer, which accepts publish-service RoleReader tokens. These tokens are intended for low-privilege read operations, such as publishing or viewing content.
However, the endpoint's handler does not enforce a higher privilege check before processing the request. The id parameter supplied by the caller is passed directly to an internal model function — creating an authorization bypass that permits a low-privileged token holder to invoke a write/destructive operation that should require elevated privileges.
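As an added illustration (not SiYuan's own code), the Go sketch below contrasts an authorizer that accepts any authenticated role, which is the shape of the flaw, with one that also enforces a per-route minimum role before the caller-supplied id reaches the model function; the Role names, the writeEndpoints map and the handler signature are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
)

// Role models a token's privilege level (lower value = more privilege); illustrative, not SiYuan's type.
type Role int

const (
	RoleAdministrator Role = iota
	RoleReader // publish-service read-only token
)

var ErrForbidden = fmt.Errorf("forbidden: administrator role required")

// Routes that mutate or delete data and the minimum role each requires;
// the generic authentication layer alone cannot enforce this.
var writeEndpoints = map[string]Role{
	"/api/av/removeUnusedAttributeView": RoleAdministrator,
}

// authorizeVulnerable mirrors the flaw: any authenticated role is accepted.
func authorizeVulnerable(path string, r Role) error { return nil }
// authorizeFixed additionally checks the per-route minimum role.
func authorizeFixed(path string, r Role) error {
	if minRole, ok := writeEndpoints[path]; ok && r > minRole {
		return ErrForbidden
	}
	return nil
}

// removeUnusedAttributeView stands in for the handler: the caller-supplied id
// reaches the model function only if the authorizer approves the role.
func removeUnusedAttributeView(authorize func(string, Role) error, r Role,
	id string, model func(string) error) (int, error) {
	if err := authorize("/api/av/removeUnusedAttributeView", r); err != nil {
		return http.StatusForbidden, err
	}
	if err := model(id); err != nil {
		return http.StatusInternalServerError, err
	}
	return http.StatusOK, nil
}

func main() {
	model := func(id string) error { fmt.Println("model called with", id); return nil }
	fmt.Println(removeUnusedAttributeView(authorizeFixed, RoleReader, "constructed-id", model))
}
```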
Attack Flow
1. Attacker obtains a publish-service RoleReader token (low privilege)
2. Attacker crafts a POST request to /api/av/removeUnusedAttributeView
3. Attacker supplies a controlled id value in the request body
4. The handler forwards the id directly to the internal model function
5. Unauthorized deletion or manipulation of AttributeView data occurs
6. Attacker gains the ability to destroy or corrupt database blocks
Why This Is Dangerous
SiYuan is widely used by developers, researchers, and knowledge workers who store sensitive notes, documentation, and project data. This vulnerability allows a low-privilege attacker to:
- Delete internal database views and corrupt linked data structures
- Enumerate and target specific knowledge base blocks using crafted IDs
- Exfiltrate data references if the model function returns internal state
- Disrupt self-hosted deployments by destroying attribute view linkages that underpin the knowledge graph
For self-hosted SiYuan instances exposed to the internet (e.g., team knowledge bases), this vulnerability is directly exploitable by any user with a valid publish token.
Impact Assessment
| Impact Area | Description |
|---|---|
| Unauthorized Data Deletion | RoleReader token holders can call destructive endpoints meant for admins |
| Data Integrity | AttributeView data can be corrupted or removed from the knowledge base |
| Authorization Model Bypass | Generic token acceptance collapses the privilege boundary |
| Self-Hosted Exposure | Internet-facing SiYuan instances are directly at risk |
Immediate Remediation
Step 1: Upgrade SiYuan
Upgrade all SiYuan instances to the latest available release beyond version 3.6.3:
```bash
# Check current SiYuan version
cat /path/to/siyuan/version.json
# Pull the latest Docker image if running containerized
docker pull b3log/siyuan:latest
# A plain `docker restart` keeps the old image; the container must be recreated
# from the pulled image (shown with Docker Compose, assuming the service is managed by it)
docker compose up -d
```
Step 2: Restrict Network Access
If an immediate upgrade is not possible, restrict access to the SiYuan API port (default 6806) to trusted hosts only:
```bash
# Example: allow only localhost and the internal network.
# ufw evaluates rules in the order they were added, so the allow rule must
# precede the catch-all deny (loopback traffic is permitted by default).
ufw allow from 192.168.0.0/24 to any port 6806
ufw deny 6806
```
Step 3: Rotate Publish-Service Tokens
If your instance issues publish-service tokens to external users, revoke and rotate all tokens until the patch is applied.
Step 4: Review Access Logs
```bash
# Review SiYuan request logs for suspicious calls to the affected endpoint
grep "removeUnusedAttributeView" /path/to/siyuan/logs/*.log
```
Detection Indicators
| Indicator | Description |
|---|---|
| Requests to /api/av/removeUnusedAttributeView from RoleReader tokens | Direct exploitation attempt |
| Unexpected deletion of AttributeView entries in the SiYuan database | Post-exploitation data destruction |
| Unusual API activity from publish-service tokens | Token misuse |
| Missing knowledge base blocks or broken database views | Data corruption indicator |
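An added example, not part of the advisory, of applying the log review in Step 4 and the indicators above to request logs: it assumes a constructed key=value access-log format (SiYuan's real log layout differs, so parseFields would need adapting), and the role values and the non-affected example paths are placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one flagged log line and the indicator from the table it matched.
type Finding struct{ Line, Indicator string }

// Constructed sample lines in a hypothetical key=value access-log format.
// SiYuan's real log layout differs; adapt parseFields to it.
const sampleLog = `2026-04-02T10:15:03Z role=admin method=POST path=/api/av/removeUnusedAttributeView status=200
2026-04-02T10:16:11Z role=reader method=POST path=/api/block/exampleReadOnlyCall status=200
2026-04-02T10:17:42Z role=reader method=POST path=/api/av/removeUnusedAttributeView status=200
2026-04-02T10:18:05Z role=reader method=POST path=/api/av/exampleOtherAction status=200`

const affectedPath = "/api/av/removeUnusedAttributeView"
// parseFields splits a line into its key=value pairs (the timestamp is skipped).
func parseFields(line string) map[string]string {
	f := map[string]string{}
	for _, tok := range strings.Fields(line) {
		if k, v, ok := strings.Cut(tok, "="); ok {
			f[k] = v
		}
	}
	return f
}

// scanLog applies the indicators: a non-admin call to the affected endpoint is a direct
// exploitation attempt; any other reader-token request under /api/av/ is worth reviewing.
func scanLog(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := parseFields(line)
		switch role, path := f["role"], f["path"]; {
		case path == affectedPath && role != "admin":
			out = append(out, Finding{line, "direct exploitation attempt"})
		case role == "reader" && strings.HasPrefix(path, "/api/av/"):
			out = append(out, Finding{line, "publish-token activity on /api/av/"})
		}
	}
	return out
}

func main() {
	for _, f := range scanLog(sampleLog) {
		fmt.Printf("%-36s %s\n", f.Indicator, f.Line)
	}
}
```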
Post-Remediation Checklist
- Upgrade all SiYuan instances to versions beyond 3.6.3
- Audit all publish-service tokens currently issued — revoke any that are unnecessary
- Review logs for historical exploitation of the affected endpoint
- Inspect SiYuan databases for unexpected deletion or corruption of AttributeView records
- Network-segment self-hosted SiYuan instances behind authentication proxies or VPN
- Enable monitoring on the /api/av/ endpoint path for anomalous access patterns