CVE-2026-40259

CVE-2026-40259 is a high-severity security vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions < 0.0.0-20260407035653-2f416e5253f1. It is fixed in 0.0.0-20260407035653-2f416e5253f1.

Summary

An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view (AV) definition files from the workspace.

The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler forwards a caller-controlled id directly into a model function that deletes data/storage/av/<id>.json without verifying either:

  • that the caller is allowed to perform write/destructive actions; or
  • that the target AV is actually unused.

This is a persistent integrity and availability issue reachable from the publish surface.

Root Cause

1. Publish users are issued a RoleReader JWT

ClaimsKeyRole: RoleReader,

2. The publish reverse proxy forwards that token upstream

3. CheckAuth accepts RoleReader

if role := GetGinContextRole(c); IsValidRole(role, []Role{
    RoleAdministrator,
    RoleEditor,
    RoleReader,
}) {
    c.Next()
    return
}

4. The route is exposed with CheckAuth only

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView", model.CheckAuth, removeUnusedAttributeView)

There is no CheckAdminRole and no CheckReadonly.

5. The handler forwards attacker-controlled id directly to the delete sink

avID := arg["id"].(string)
model.RemoveUnusedAttributeView(avID)

6. The model deletes the AV file unconditionally

func RemoveUnusedAttributeView(id string) {
    absPath := filepath.Join(util.DataDir, "storage", "av", id+".json")
    if !filelock.IsExist(absPath) {
        return
    }
    ...
    if err = filelock.RemoveWithoutFatal(absPath); err != nil {
        ...
        return
    }
    IncSync()
}

Crucially, this function does not verify that the supplied AV is actually unused. The name of the function suggests a cleanup helper, but the implementation is really "delete AV file by id if it exists".

Attack Prerequisites

  • Publish service enabled
  • Attacker can access the publish service
  • If publish auth is enabled, attacker has valid publish-reader credentials
  • Attacker knows an avID

Obtaining avID

avID is not secret. It is exposed extensively in frontend markup as data-av-id.

Examples:

Any publish-visible database/attribute view can therefore disclose a valid avID to the attacker.

Exploit Path

  1. Attacker browses published content containing an attribute view.
  2. Attacker extracts the data-av-id value from the page/DOM.
  3. Attacker sends a POST request to /api/av/removeUnusedAttributeView through the publish service.
  4. Publish proxy injects a valid RoleReader token.
  5. CheckAuth accepts the request.
  6. The handler passes the attacker-controlled avID to model.RemoveUnusedAttributeView.
  7. The backend deletes data/storage/av/<avID>.json.

Proof of Concept

Request:

POST /api/av/removeUnusedAttributeView HTTP/1.1
Host: <publish-host>:<publish-port>
Content-Type: application/json
Authorization: Basic <publish-account-creds-if-enabled>

{
  "id": "<exposed-data-av-id>"
}

Expected result:

  • HTTP 200
  • backend increments sync state
  • the target attribute view file is removed from data/storage/av/
  • published and local workspace behavior for that AV becomes broken until restored from history or recreated

Impact

This gives a low-privileged publish reader a destructive persistent write primitive against workspace data.

Practical consequences include:

  • deletion of live attribute view definitions
  • corruption/breakage of published database views
  • breakage of local workspace rendering and AV-backed relationships
  • operational disruption until restore or manual repair

The bug affects integrity and availability, not merely UI state.

CVE-2026-40259 has a CVSS score of 8.1 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.0.0-20260407035653-2f416e5253f1); upgrading removes the vulnerable code path.

Affected versions

github.com/siyuan-note/siyuan/kernel (< 0.0.0-20260407035653-2f416e5253f1)

Security releases

github.com/siyuan-note/siyuan/kernel → 0.0.0-20260407035653-2f416e5253f1 (go)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.

See it in your environment

Remediation advice

At minimum:

  1. Block publish/read-only users from this route.
  2. Require admin/write authorization.
  3. Re-validate that the target AV is actually unused before deletion.

Safe router fix:

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView",
    model.CheckAuth,
    model.CheckAdminRole,
    model.CheckReadonly,
    removeUnusedAttributeView,
)

And inside the model or handler, reject deletion unless the target id is present in UnusedAttributeViews(...).

Frequently Asked Questions

  1. What is CVE-2026-40259? CVE-2026-40259 is a high-severity security vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions < 0.0.0-20260407035653-2f416e5253f1. It is fixed in 0.0.0-20260407035653-2f416e5253f1.
  2. How severe is CVE-2026-40259? CVE-2026-40259 has a CVSS score of 8.1 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of github.com/siyuan-note/siyuan/kernel are affected by CVE-2026-40259? github.com/siyuan-note/siyuan/kernel (go) versions < 0.0.0-20260407035653-2f416e5253f1 is affected.
  4. Is there a fix for CVE-2026-40259? Yes. CVE-2026-40259 is fixed in 0.0.0-20260407035653-2f416e5253f1. Upgrade to this version or later.
  5. Is CVE-2026-40259 exploitable, and should I be worried? Whether CVE-2026-40259 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
  6. What actually determines whether CVE-2026-40259 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-40259? Upgrade github.com/siyuan-note/siyuan/kernel to 0.0.0-20260407035653-2f416e5253f1 or later.

Other vulnerabilities in github.com/siyuan-note/siyuan/kernel

CVE-2026-45375CVE-2026-45371CVE-2026-45148CVE-2026-45147CVE-2026-44588

Stop the waste.
Protect your environment with Kodem.