CVE-2026-29073
HIGH
SiYuan < 3.6.0 - Authenticated SQL Injection via /api/query/sql
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql endpoint lets a user run SQL directly, but it only checks basic authentication, not admin rights; as a result, any logged-in user, even one with read-only access, can run arbitrary SQL queries against the database. This issue has been patched in version 3.6.0.
References (1)
Vendor Advisory (x_refsource_confirm)
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-jqwg-75qf-vmf9
Scores
CVSS v3
8.8
EPSS
0.0032
EPSS Percentile
23.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
CWE-89
Status
published
Products (2)
b3log/siyuan
< 3.5.9
siyuan-note/siyuan
0Go
Published
Mar 06, 2026
Tracked Since
Mar 06, 2026