
CVE-2026-32704: Improper Authorization and Information Disclosure in SiYuan Template Rendering

Vulnerability ID: CVE-2026-32704
CVSS Score: 6.5
Published: 2026-03-13

SiYuan versions prior to 3.6.1 contain an improper authorization vulnerability in the template rendering API. An authenticated attacker can exploit a missing access control check to execute arbitrary SQL queries against the local workspace database, leading to high-impact information disclosure.

TL;DR

A missing authorization check in SiYuan's renderSprig API endpoint allows low-privileged authenticated users to execute arbitrary SQL queries via malicious templates, exposing all workspace data.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-285
Attack Vector: Network
CVSS Score: 6.5
Impact: High Confidentiality
Exploit Status: Proof of Concept Available
Authentication: Required (Low Privilege)

Affected Systems

SiYuan Personal Knowledge Management System
SiYuan: < 3.6.1 (Fixed in: 3.6.1)

Mitigation Strategies

U



