CVE-2026-32704

EUVD-2026-12146
SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This vulnerability is fixed in 3.6.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
b3logsiyuan
𝑥
< 3.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4j3x-hhg2-fm2x
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4j3x-hhg2-fm2x