SiYuan Vulnerability: Reader Role Can Wipe Attribute Views
The National Vulnerability Database has detailed CVE-2026-40259, a high-severity vulnerability (CVSS 8.1) in SiYuan, an open-source personal knowledge management system. This isn’t just a minor bug; it’s a critical flaw that allows a low-privileged authenticated user to cause significant data integrity issues and operational disruption.
Specifically, the /api/av/removeUnusedAttributeView endpoint in SiYuan versions 3.6.3 and below is inadequately protected. The National Vulnerability Database notes that it accepts generic authentication tokens, including those from a ‘publish-service RoleReader’. This RoleReader is typically intended for read-only access, yet it gains the ability to execute destructive actions.
The core of the problem lies in insufficient authorization checks. The handler directly passes a caller-controlled id to a model function. This function then unconditionally deletes the corresponding attribute view file from the workspace. Crucially, it does so without verifying if the caller possesses write privileges or if the target attribute view is truly ‘unused’. This is a classic authorization bypass, where a read-only role can perform write/delete operations.
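To make the authorization gap concrete, here is an added Go sketch (not SiYuan's code) that places a handler with the behaviour described above beside one that makes the checks the advisory says are missing: a role check before any destructive path, server-side verification that the view really is unused, and id validation. The role names, the in-memory Workspace and the id pattern are assumptions; the sample ids are constructed.

```go
package main

import (
	"errors"
	"regexp"
)

// Role models the two SiYuan roles the advisory contrasts (names are assumptions).
type Role int

const (
	RoleReader Role = iota // publish-service read-only role
	RoleEditor             // any role that legitimately holds write privileges
)

// Workspace is a constructed in-memory stand-in for the on-disk workspace.
type Workspace struct {
	AttributeViews map[string]string // attribute view files keyed by data-av-id
	ReferencedAVs  map[string]bool   // ids that blocks still reference
}

var (
	ErrForbidden = errors.New("write privilege required")
	ErrInUse     = errors.New("attribute view is still referenced")
	ErrBadID     = errors.New("malformed attribute view id")
)

// avIDPattern (assumption): accept only plain id tokens, never anything path-like.
var avIDPattern = regexp.MustCompile(`^[A-Za-z0-9-]{1,64}$`)

// RemoveUnusedAVVulnerable mirrors the flaw: no role check, no unused check, just delete.
func RemoveUnusedAVVulnerable(ws *Workspace, _ Role, avID string) error {
	delete(ws.AttributeViews, avID)
	return nil
}

// RemoveUnusedAVHardened performs the checks the handler should have made.
func RemoveUnusedAVHardened(ws *Workspace, caller Role, avID string) error {
	if caller == RoleReader {
		return ErrForbidden // read-only roles never reach a destructive path
	}
	if !avIDPattern.MatchString(avID) {
		return ErrBadID
	}
	if ws.ReferencedAVs[avID] {
		return ErrInUse // "unused" is verified server-side, not taken on trust
	}
	delete(ws.AttributeViews, avID)
	return nil
}
```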
From an attacker’s perspective, this is gold. An authenticated publish-service reader can systematically extract data-av-id values from publicly exposed content. With these IDs, they can then trigger the /removeUnusedAttributeView endpoint to permanently delete arbitrary attribute view definitions. The impact is immediate and severe: database views will break, and workspace rendering will fail until these views are manually restored. This isn’t just data loss; it’s a denial-of-service on the application’s functionality, requiring manual intervention to fix. The attacker’s calculus is simple: gain a foothold with minimal privileges, then cause maximum disruption.
For defenders, this highlights a critical blind spot in many applications: the assumption that ‘read-only’ roles are inherently safe. This vulnerability demonstrates that even seemingly innocuous endpoints can be weaponized if authorization logic is flawed. CISOs must push for stringent authorization checks at every API endpoint, especially those that involve deletion or modification of data. Trusting generic authentication to enforce granular permissions is a recipe for disaster. The fix in version 3.6.4 is a clear indicator that this was a fundamental design flaw, not an edge case.
What This Means For You
- If your organization uses SiYuan, you are exposed to a high-severity vulnerability (CVE-2026-40259) where a low-privileged reader can delete critical database views, causing significant disruption. **Immediately patch to SiYuan version 3.6.4 or above.** Audit your SiYuan environments for any unauthorized deletions of attribute view definitions, particularly if you have exposed instances or less-privileged accounts.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-40259 | Auth Bypass | SiYuan versions 3.6.3 and below |
| CVE-2026-40259 | Auth Bypass | Vulnerable endpoint: /api/av/removeUnusedAttributeView |
| CVE-2026-40259 | Auth Bypass | Authentication bypass using publish-service RoleReader tokens |
| CVE-2026-40259 | Information Disclosure | Extraction of data-av-id values from published content |
| CVE-2026-40259 | Misconfiguration | Lack of write privilege verification for attribute view deletion |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 17, 2026 at 02:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.