CVE-2026-29073
HIGH
GHSA-jqwg-75qf-vmf9
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0.
Analysis
SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to execute arbitrary database queries through the /api/query/sql endpoint due to insufficient authorization checks. Public exploit code exists for this vulnerability, enabling attackers to extract sensitive data or modify the knowledge base contents. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all SiYuan deployments and identify systems containing sensitive data; restrict network access to SiYuan instances to essential users only. Within 7 days: Disable the /api/query/sql endpoint via reverse proxy/WAF rules, implement role-based access controls at the application level, and audit recent database queries for suspicious activity. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today