HIGH
siyuan-note
CVE published 2026-07-09
CVE-2026-59834
CVE-2026-59834 is a high-severity vulnerability in the SiYuan open-source personal knowledge management system prior to version 3.7.1. An unauthenticated publish visitor can inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path via the block search endpoint POST /api/search/fullTextSearchBlock. This issue allows an attacker to access sensitive informatio [truncated]