CVE-2026-32704 is a security vulnerability classified under CWE-285 (Improper Authorization) and CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting the SiYuan personal knowledge management system versions prior to 3.6.1. The vulnerability resides in the POST /api/template/renderSprig API endpoint, which fails to enforce an administrative role check (model.CheckAdminRole). As a result, any authenticated user can craft requests that execute arbitrary SQL queries directly against the SiYuan workspace database. This flaw allows unauthorized users to access and exfiltrate all stored note content, metadata, and custom attributes, compromising the confidentiality of potentially sensitive information. The vulnerability does not require user interaction beyond authentication and does not affect data integrity or availability. The CVSS v3.1 base score is 6.5, reflecting network exploitability with low attack complexity and privileges required, but no user interaction. The issue was publicly disclosed on March 13, 2026, and fixed in version 3.6.1 of SiYuan. No public exploit code or active exploitation has been reported to date. The vulnerability highlights the critical need for proper authorization checks on sensitive API endpoints, especially those that interface directly with backend databases. Organizations using SiYuan versions before 3.6.1 are urged to upgrade promptly to mitigate the risk of data leakage.

The primary impact of CVE-2026-32704 is unauthorized disclosure of sensitive information stored within the SiYuan knowledge management system. Attackers with valid user credentials can exploit this flaw to execute arbitrary SQL queries, leading to full exfiltration of note contents, metadata, and custom attributes. This breach of confidentiality can result in exposure of proprietary business knowledge, intellectual property, personal data, or other sensitive information. Although the vulnerability does not affect data integrity or availability, the loss of confidentiality can have severe consequences including competitive disadvantage, regulatory non-compliance, reputational damage, and potential legal liabilities. Organizations relying on SiYuan for knowledge management, especially in sectors like technology, research, education, and government, face increased risk. The ease of exploitation—requiring only authenticated access and no user interaction—makes this vulnerability a significant threat if credentials are compromised or if internal users act maliciously. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks. Overall, the vulnerability undermines trust in the confidentiality of organizational knowledge assets.

1. Upgrade SiYuan to version 3.6.1 or later immediately to apply the official patch that enforces proper admin role authorization on the affected API endpoint. 2. Restrict access to SiYuan instances to trusted users only, employing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce risk of credential compromise. 3. Implement strict role-based access controls (RBAC) within SiYuan to ensure that only authorized administrators can access sensitive API endpoints or perform privileged operations. 4. Monitor application logs and database query logs for unusual or unauthorized SQL query patterns indicative of exploitation attempts. 5. Conduct regular audits of user permissions and access rights to detect and remediate privilege escalation or inappropriate access. 6. Isolate SiYuan deployments within secure network segments and apply network-level controls such as firewalls and intrusion detection/prevention systems to limit exposure. 7. Educate users about the importance of credential security and the risks of insider threats, as authenticated access is required for exploitation. 8. Consider implementing database activity monitoring solutions to detect anomalous query execution in real time. 9. If upgrading immediately is not feasible, consider temporarily disabling or restricting access to the vulnerable API endpoint as a stopgap measure. 10. Maintain an incident response plan to quickly address any detected exploitation or data leakage incidents.