What is the CVSS score of CVE-2026-29073?

CVE-2026-29073 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Siyuan are affected by CVE-2026-29073?

SiYuan knowledge management systems are vulnerable to unauthorized database access by any logged-in user, regardless of their permission level.

Is there a public PoC exploit available for CVE-2026-29073?

Yes, a public proof-of-concept exploit is available for CVE-2026-29073. Prioritise patching immediately. EPSS: 0.1%.

Siyuan CVE-2026-29073

HIGH

SQL Injection (CWE-89)

2026-03-06 security-advisories@github.com

GHSA-jqwg-75qf-vmf9

SQLi Siyuan Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 19:04 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 08:16 nvd

HIGH 8.8

DescriptionNVD

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0.

AnalysisAI

SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to execute arbitrary database queries through the /api/query/sql endpoint due to insufficient authorization checks. Public exploit code exists for this vulnerability, enabling attackers to extract sensitive data or modify the knowledge base contents. …

RemediationAI

Within 24 hours: Inventory all SiYuan deployments and identify systems containing sensitive data; restrict network access to SiYuan instances to essential users only. Within 7 days: Disable the /api/query/sql endpoint via reverse proxy/WAF rules, implement role-based access controls at the application level, and audit recent database queries for suspicious activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-29073 vulnerability details – vuln.today

Back

Siyuan CVE-2026-29073

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code