PatchSiren

siyuan-note CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH siyuan-note CVE published 2026-07-09

CVE-2026-59834

CVE-2026-59834 is a high-severity vulnerability in the SiYuan open-source personal knowledge management system prior to version 3.7.1. An unauthenticated publish visitor can inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path via the block search endpoint POST /api/search/fullTextSearchBlock. This issue allows an attacker to access sensitive informatio [truncated]