CVE-2026-30926 — Vulnetix

CVE-2026-30926 PUBLISHED CVSS 7.099999904632568 HIGH

SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren

EPSS 0.02% · 4.1th percentile

Risk Scores

CVSS v3.1

7.099999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

EPSS Score

0.02%

4.1th percentile

Affected Products

Vendor	Product	Versions
b3log	siyuan	0, 0
github.com	siyuan-note/siyuan/kernel	0, 0
siyuan-note	siyuan	< 3.5.10, < 3.5.10

Timeline

Mar 9, 2026 CVE Published
Mar 10, 2026 CVE Updated
Mar 10, 2026 EPSS Score
Mar 11, 2026 EPSS Score
Mar 12, 2026 EPSS Score
Mar 13, 2026 EPSS Score
Mar 14, 2026 EPSS Score
Mar 15, 2026 EPSS Score
Mar 16, 2026 EPSS Score
Mar 17, 2026 EPSS Score
Mar 17, 2026 Coalition ESS Score
Mar 17, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›