Sensitive Data Exposure in SiYuan Knowledge Management System
CVE-2026-59853
6.5MEDIUM
What is CVE-2026-59853?
The SiYuan personal knowledge management system has a vulnerability where the /api/storage/getCriteria endpoint can return sensitive search criteria without appropriate access controls. This allows users with publish-mode reader access to view private document paths, notebook IDs, and search functionality for unpublished documents. The issue was remedied in version 3.7.1, emphasizing the importance of rigorous access filtering across all endpoints.
Affected Version(s)
siyuan < 3.7.1
