{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40259", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T17:31:45.787Z", "datePublished": "2026-04-16T22:49:36.992Z", "dateUpdated": "2026-04-16T22:50:20.441Z"}, "containers": {"cna": {"title": "SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg"}, {"name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 0.0.0-20260407035653-2f416e5253f1", "status": "affected"}, {"version": "< 3.6.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-16T22:50:20.441Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model function that unconditionally deletes the corresponding attribute view file from the workspace without verifying that the caller has write privileges or that the target attribute view is actually unused. An authenticated publish-service reader can permanently delete arbitrary attribute view definitions by extracting publicly exposed data-av-id values from published content, causing breakage of database views and workspace rendering until manually restored. This issue has been fixed in version 3.6.4."}], "source": {"advisory": "GHSA-7m5h-w69j-qggg", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model function that unconditionally deletes the corresponding attribute view file from the workspace without verifying that the caller has write privileges or that the target attribute view is actually unused. An authenticated publish-service reader can permanently delete arbitrary attribute view definitions by extracting publicly exposed data-av-id values from published content, causing breakage of database views and workspace rendering until manually restored. This issue has been fixed in version 3.6.4."}], "id": "CVE-2026-40259", "lastModified": "2026-04-16T23:16:33.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-16T23:16:33.430", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4"}, {"source": "security-advisories@github.com", "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T02:22:40.690588+00:00", "value": {"mitigation_remediation": ["Upgrade Siyuan to version 3.6.4 or later to install the fixed code that enforces proper authorization checks.", "Restrict publish-service reader tokens so they cannot invoke write-related APIs such as removeUnusedAttributeView.", "Audit API permissions on your system to ensure that only authorized users have access to destructive endpoints and consider adding IP-based access controls."], "summary": {"action": "Immediate Upgrade", "impact": "Authentication Bypass with Unauthorized Deletion of Attribute View Files"}, "threat_synthesis": {"affected_systems": "Siyuan Note's open-source personal knowledge management system. Versions 3.6.3 and earlier are vulnerable. The issue has been addressed in release 3.6.4.", "description_and_impact": "The vulnerability is a lack of proper authorization checks for the /api/av/removeUnusedAttributeView endpoint. An attacker who can obtain a publish-service RoleReader token can send a request containing a valid attribute view ID. The endpoint blindly passes that ID to the deletion routine, removing the attribute view file from the workspace. The result is irreversible loss of view definitions, causing workspace rendering failures until manually restored. This results in a loss of integrity and availability of the affected content.", "risk_and_exploitability": "The CVSS base score of 8.1 indicates high severity. No EPSS value is available, so the likelihood of exploitation cannot be quantified. The vendor has not listed this vulnerability in CISA's KEV catalog. Because the endpoint accepts any authenticated publish reader token, the attack operates over the network from any system that can issue the API call. An attacker only needs to supply a known attribute view ID, which can be discovered from published content. Once exploited, the deletion causes immediate breakage, and the restoration requires manual intervention. The lack of proper privilege checks is the root of the problem."}}}}, "created": "2026-04-17T02:30:07.311806+00:00", "updated": "2026-04-17T02:30:07.311819+00:00", "vendors": []}