CVE-2026-32704: Improper Authorization and Information Disclosure in SiYuan Template Rendering
Vulnerability ID: CVE-2026-32704
CVSS Score: 6.5
Published: 2026-03-13
SiYuan versions prior to 3.6.1 contain an improper authorization vulnerability in the template rendering API. An authenticated attacker can exploit a missing access control check to execute arbitrary SQL queries against the local workspace database, leading to high-impact information disclosure.
TL;DR
A missing authorization check in SiYuan's renderSprig API endpoint allows low-privileged authenticated users to execute arbitrary SQL queries via malicious templates, exposing all workspace data.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-285
- Attack Vector: Network
- CVSS Score: 6.5
- Impact: High Confidentiality
- Exploit Status: Proof of Concept Available
- Authentication: Required (Low Privilege)
Affected Systems
- SiYuan Personal Knowledge Management System
- SiYuan: < 3.6.1 (fixed in 3.6.1)
Mitigation Strategies
- Upgrade SiYuan software to version 3.6.1 or higher.
- Implement network isolation to restrict access to the SiYuan instance.
- Deploy a Web Application Firewall (WAF) to inspect API payloads for SQL syntax.
- Monitor access logs for unauthorized access patterns to the renderSprig endpoint.
Remediation Steps
- Verify the current version of the SiYuan installation.
- Download the version 3.6.1 update from the official repository or package manager.
- Apply the update and restart the SiYuan service.
- Confirm the application is running version 3.6.1 via the management interface.
- Validate the fix by attempting to access the endpoint with a low-privileged account to ensure a 401/403 response is returned.