B3log Vulnerabilities
Comprehensive security vulnerability database for B3log products
3
0
1
1
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-30926 | 7.1 | This vulnerability allows low-privilege users to modify existing notebook content in the SiYuan knowledge management system, even though they should only have read-only access. It occurs because the system doesn't properly check user permissions, enabling these users to add new content to documents through a specific API. | b3logsiyuan | Exploit Available | 28 days agoMar 10, 2026 |
| CVE-2026-29183 | 6.1 | This vulnerability allows an attacker to inject malicious JavaScript into the SiYuan web application, which can then execute actions on behalf of a logged-in user if they click on a crafted link. It can be exploited without any authentication, making it particularly dangerous for users who might unknowingly open the link. | b3logsiyuan | Theoretical | about 1 month agoMar 6, 2026 |
| CVE-2026-29073 | 5.7 | This vulnerability allows any logged-in user, including those with just read access, to execute any SQL query on the database, potentially exposing or altering sensitive data. It affects versions prior to 3.6.0 and is fixed in that version, so users should update to secure their systems. | b3logsiyuan | Theoretical | about 1 month agoMar 6, 2026 |
About B3log Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting B3log products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.