PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59834 siyuan-note CVE debrief

CVE-2026-59834 is a high-severity vulnerability in the SiYuan open-source personal knowledge management system prior to version 3.7.1. An unauthenticated publish visitor can inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path via the block search endpoint POST /api/search/fullTextSearchBlock. This issue allows an attacker to access sensitive information. Users of SiYuan open-source personal knowledge management system versions prior to 3.7.1 should update to the latest version to mitigate this high-severity vulnerability. The vulnerability has a CVSS score of 7.5 and is considered HIGH severity.

Vendor
siyuan-note
Product
siyuan
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of SiYuan open-source personal knowledge management system versions prior to 3.7.1 should update to the latest version to mitigate this high-severity vulnerability. This vulnerability affects users who have not updated to version 3.7.1, and it is recommended that they take immediate action to prevent exploitation. Security teams and vulnerability management teams should also be aware of this issue and review their systems for potential exposure.

Technical summary

The vulnerability exists in the block search endpoint POST /api/search/fullTextSearchBlock, where attacker-controlled path values are concatenated into SQL predicates used by non-SQL search modes. This allows an unauthenticated publish visitor to inject a UNION SELECT and return rows from hidden documents. The vulnerability is caused by a lack of proper input validation and sanitization in the affected endpoint. The issue can be mitigated by updating SiYuan to version 3.7.1 or later.

Defensive priority

High priority should be given to updating SiYuan to version 3.7.1 or later to prevent exploitation of this vulnerability. Additionally, restricting access to the block search endpoint and monitoring for suspicious activity can help mitigate the risk of this vulnerability.

Recommended defensive actions

  • Update SiYuan to version 3.7.1 or later
  • Restrict access to the block search endpoint
  • Monitor for suspicious activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-09T23:17:05.900Z and was last modified on 2026-07-10T14:16:54.590Z. The NVD entry is currently 7.5 HIGH. This issue is related to an open-source personal knowledge management system called SiYuan. The vulnerability exists in the block search endpoint POST /api/search/fullTextSearchBlock. The CVE record was obtained from a source item with limited detail, and further verification is needed to confirm the affected scope and severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T23:17:05.900Z and has not been modified since then. The NVD entry is currently 7.5 HIGH.