8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-7m5h-w69j-qggg

GHSA-7m5h-w69j-qggg: SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary

An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view (AV) definition files from the workspace.

The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler forwards a caller-controlled id directly into a model function that deletes data/storage/av/<id>.json without verifying either:

that the caller is allowed to perform write/destructive actions; or
that the target AV is actually unused.

This is a persistent integrity and availability issue reachable from the publish surface.

Root Cause

1. Publish users are issued a `RoleReader` JWT

kernel/model/auth.go

ClaimsKeyRole: RoleReader,

2. The publish reverse proxy forwards that token upstream

3. `CheckAuth` accepts `RoleReader`

kernel/model/session.go

if role := GetGinContextRole(c); IsValidRole(role, []Role{
    RoleAdministrator,
    RoleEditor,
    RoleReader,
}) {
    c.Next()
    return
}

4. The route is exposed with `CheckAuth` only

kernel/api/router.go

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView", model.CheckAuth, removeUnusedAttributeView)

There is no CheckAdminRole and no CheckReadonly.

5. The handler forwards attacker-controlled `id` directly to the delete sink

kernel/api/av.go

avID := arg["id"].(string)
model.RemoveUnusedAttributeView(avID)

6. The model deletes the AV file unconditionally

kernel/model/attribute_view.go

func RemoveUnusedAttributeView(id string) {
    absPath := filepath.Join(util.DataDir, "storage", "av", id+".json")
    if !filelock.IsExist(absPath) {
        return
    }
    ...
    if err = filelock.RemoveWithoutFatal(absPath); err != nil {
        ...
        return
    }
    IncSync()
}

Crucially, this function does not verify that the supplied AV is actually unused. The name of the function suggests a cleanup helper, but the implementation is really "delete AV file by id if it exists".

Attack Prerequisites

Publish service enabled
Attacker can access the publish service
If publish auth is enabled, attacker has valid publish-reader credentials
Attacker knows an avID

Obtaining `avID`

avID is not secret. It is exposed extensively in frontend markup as data-av-id.

Examples:

Any publish-visible database/attribute view can therefore disclose a valid avID to the attacker.

Exploit Path

Attacker browses published content containing an attribute view.
Attacker extracts the data-av-id value from the page/DOM.
Attacker sends a POST request to /api/av/removeUnusedAttributeView through the publish service.
Publish proxy injects a valid RoleReader token.
CheckAuth accepts the request.
The handler passes the attacker-controlled avID to model.RemoveUnusedAttributeView.
The backend deletes data/storage/av/<avID>.json.

Proof of Concept

Request:

POST /api/av/removeUnusedAttributeView HTTP/1.1
Host: <publish-host>:<publish-port>
Content-Type: application/json
Authorization: Basic <publish-account-creds-if-enabled>

{
  "id": "<exposed-data-av-id>"
}

Expected result:

HTTP 200
backend increments sync state
the target attribute view file is removed from data/storage/av/
published and local workspace behavior for that AV becomes broken until restored from history or recreated

Impact

This gives a low-privileged publish reader a destructive persistent write primitive against workspace data.

Practical consequences include:

deletion of live attribute view definitions
corruption/breakage of published database views
breakage of local workspace rendering and AV-backed relationships
operational disruption until restore or manual repair

The bug affects integrity and availability, not merely UI state.

Recommended Fix

At minimum:

Block publish/read-only users from this route.
Require admin/write authorization.
Re-validate that the target AV is actually unused before deletion.

Safe router fix:

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView",
    model.CheckAuth,
    model.CheckAdminRole,
    model.CheckReadonly,
    removeUnusedAttributeView,
)

And inside the model or handler, reject deletion unless the target id is present in UnusedAttributeViews(...).

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-7m5h-w69j-qggg

GHSA-7m5h-w69j-qggg:

8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/siyuan-note/siyuan/kernel	go	< 0.0.0-20260407035653-2f416e5253f1	0.0.0-20260407035653-2f416e5253f1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability allows a low-privileged user with read-only access to delete arbitrary attribute view files from the SiYuan workspace. This is due to an improper authorization check on the /api/av/removeUnusedAttributeView API endpoint.

The root cause is that the route is only protected by CheckAuth, which allows users with the RoleReader role to access it. The request handler for this route, removeUnusedAttributeView in kernel/api/av.go, takes the id of an attribute view from the user's request and passes it directly to model.RemoveUnusedAttributeView in kernel/model/attribute_view.go. This second function then proceeds to delete the corresponding attribute view file (<id>.json) from the data/storage/av/ directory without any further checks.

An attacker can obtain a valid attribute view id as they are exposed in the frontend HTML. By sending a POST request to the vulnerable endpoint with a known id, the attacker can trigger the deletion of the file, leading to data corruption and application malfunction.

The vulnerable functions are the API handler removeUnusedAttributeView, which fails to enforce proper authorization, and the model function model.RemoveUnusedAttributeView, which performs the destructive file deletion operation based on untrusted input.

Vulnerable functions

removeUnusedAttributeView

kernel/api/av.go

This function is the main handler for the `/api/av/removeUnusedAttributeView` endpoint. It takes the `id` from the request and calls the model function to delete the attribute view file. The vulnerability exists because this handler is executed for users with only read privileges, allowing them to perform a destructive action.

model.RemoveUnusedAttributeView

kernel/model/attribute_view.go

This function is called by the `removeUnusedAttributeView` handler and is responsible for deleting the attribute view file from the filesystem. It takes an `id` and deletes the corresponding `.json` file without verifying if the caller is authorized to perform deletions or if the attribute view is actually unused, as its name implies. This is the function that directly causes the integrity and availability impact.

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.1

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-7m5h-w69j-qggg: SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary

Root Cause

1. Publish users are issued a RoleReader JWT

2. The publish reverse proxy forwards that token upstream

3. CheckAuth accepts RoleReader

4. The route is exposed with CheckAuth only

5. The handler forwards attacker-controlled id directly to the delete sink

6. The model deletes the AV file unconditionally

Attack Prerequisites

Obtaining avID

Exploit Path

Proof of Concept

Impact

Recommended Fix

GHSA-7m5h-w69j-qggg:

8.1

-

Basic Information

Basic Information

Is this CVE running in your environment?

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

Vulnerability IntelligenceMiggo AI

Unlock WAF rules for this CVE

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

GHSA-7m5h-w69j-qggg: SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary

Root Cause

1. Publish users are issued a RoleReader JWT

2. The publish reverse proxy forwards that token upstream

3. CheckAuth accepts RoleReader

4. The route is exposed with CheckAuth only

5. The handler forwards attacker-controlled id directly to the delete sink

6. The model deletes the AV file unconditionally

Attack Prerequisites

Obtaining avID

Exploit Path

Proof of Concept

Impact

Recommended Fix

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

8.1

8.1

Technical Details

1. Publish users are issued a `RoleReader` JWT

3. `CheckAuth` accepts `RoleReader`

4. The route is exposed with `CheckAuth` only

5. The handler forwards attacker-controlled `id` directly to the delete sink

Obtaining `avID`

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

1. Publish users are issued a `RoleReader` JWT

3. `CheckAuth` accepts `RoleReader`

4. The route is exposed with `CheckAuth` only

5. The handler forwards attacker-controlled `id` directly to the delete sink

Obtaining `avID`

Vulnerability Intelligence
Miggo AI