PT-2026-40727 · Siyuan · Siyuan

Starplatinu · Published 2026-05-13 · Updated 2026-05-14 · CVE-2026-45148

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.7.0

Description: Broken access control in publish mode allows readers to enumerate metadata from documents that are invisible to the publish service. This occurs because certain search handlers do not filter their responses for users holding the RoleReader role, so such users can cross the trust boundary and obtain information from password-protected or publish-ignored notebooks. An attacker can enumerate all tag strings, asset filenames, widget names, and template names across the entire workspace.

The affected API endpoints are:
  • '/api/search/searchTag'
  • '/api/search/searchTemplate'
  • '/api/search/searchWidget'
  • '/api/search/searchAsset'

Recommendations: Update to version 3.7.0. As a temporary workaround, restrict access to the '/api/search/searchTag', '/api/search/searchTemplate', '/api/search/searchWidget', and '/api/search/searchAsset' endpoints to minimize the risk of metadata enumeration.
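The following Go program, added here as an illustration and not taken from SiYuan's code base or from the 3.7.0 fix, shows the shape of the missing check: an authorization guard in front of the four search handlers that fails closed for every role other than a workspace role. The `Role` type, the `RoleAdmin`/`RoleEditor`/`RoleReader` constants, the context-based role lookup and the stand-in path `/api/system/version` are assumptions made for the example; only the four endpoint paths come from the advisory.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
)

// Role is the caller's role as established by the authentication layer.
// The type and constant names are assumptions for this illustration, not
// SiYuan's own identifiers.
type Role string

const (
	RoleAdmin  Role = "admin"
	RoleEditor Role = "editor"
	RoleReader Role = "reader"
)

// ctxKey keys the role the auth layer stores in the request context.
type ctxKey struct{}

// WithRole attaches an authenticated role to a request; it stands in for
// the session lookup a real auth layer would perform.
func WithRole(r *http.Request, role Role) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), ctxKey{}, role))
}

func roleOf(r *http.Request) Role {
	role, _ := r.Context().Value(ctxKey{}).(Role)
	return role // empty string when no role was attached
}

// metadataEndpoints are the four search handlers named in the advisory;
// each answers with workspace-wide metadata rather than a single document.
var metadataEndpoints = map[string]bool{
	"/api/search/searchTag":      true,
	"/api/search/searchTemplate": true,
	"/api/search/searchWidget":   true,
	"/api/search/searchAsset":    true,
}

// workspaceRoles are the only roles allowed to reach those handlers.
// Anything else, including an empty (unauthenticated) role, is denied,
// so the check fails closed instead of open.
var workspaceRoles = map[Role]bool{RoleAdmin: true, RoleEditor: true}

// DenyReaderMetadata wraps the API router and refuses the metadata search
// endpoints to every non-workspace role before the handler itself runs.
func DenyReaderMetadata(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// path.Clean drops trailing slashes and dot segments so that a
		// variant such as "/api/search/searchTag/" cannot slip past the
		// exact-match table.
		p := path.Clean(r.URL.Path)
		if metadataEndpoints[p] && !workspaceRoles[roleOf(r)] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// RequestStatus sends one request through the guard to a stub backend
// that always answers 200 and returns the status the client would see.
func RequestStatus(role Role, reqPath string) int {
	backend := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := WithRole(httptest.NewRequest(http.MethodPost, reqPath, nil), role)
	rec := httptest.NewRecorder()
	DenyReaderMetadata(backend).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := []struct {
		role Role
		p    string
	}{
		{RoleReader, "/api/search/searchTag"},
		{RoleReader, "/api/search/searchAsset/"},
		{RoleEditor, "/api/search/searchTemplate"},
		{RoleReader, "/api/system/version"}, // constructed unrelated path
		{"", "/api/search/searchWidget"},
	}
	for _, c := range cases {
		fmt.Printf("role=%-8q %-32s -> %d\n", c.role, c.p, RequestStatus(c.role, c.p))
	}
}
```

The guard is a stop-gap of the kind the workaround describes, blocking the endpoints outright for readers; the durable fix is the 3.7.0 upgrade, where the handlers themselves filter results by what the publish service may show. A path-level wrapper like this one should sit in the application (or in a reverse proxy that already knows the session's role), never rely on a client-supplied header, and be removed once the patched version is deployed so that the handlers' own filtering is what enforces the boundary.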

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2026-45148
GHSA-FMH9-GPQH-G53G

Affected Products

Siyuan