{"id":"CVE-2026-32767","summary":"SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API","details":"SiYuan is a personal knowledge management system. Versions 3.6.0 and earlier contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database without any authorization or read-only checks. This allows any authenticated user — including those with the Reader role — to execute arbitrary SQL statements (SELECT, DELETE, UPDATE, DROP TABLE, etc.) against the application's database, i.e. both disclosure of all stored notes and destructive modification or deletion of data. This is inconsistent with the application's own security model: the dedicated SQL endpoint (/api/query/sql) correctly requires both CheckAdminRole and CheckReadonly middleware, but the search endpoint bypasses these controls entirely. Note that the CVSS v3.1 vector attached to this record rates the issue PR:N (no privileges required), which is broader than the authenticated-user precondition described here; operators should assume that any account able to reach the search API, including read-only accounts, can exploit it. This issue has been fixed in version 3.6.1; the affected-range data lists commits d5e2d0bce0dffef5f61bd8066954bc2d41181fc5 and fe4523fff2c84d6b06856331e735cc2938c2c5b0 as the fixing changes. Upgrade to 3.6.1 or later; until then, restrict access to the instance to users who are trusted with full database access.","aliases":["GHSA-j7wh-x834-p3r7","GO-2026-4716"],"modified":"2026-04-02T13:26:33.407515Z","published":"2026-03-20T00:13:31.384Z","related":["SUSE-SU-2026:1135-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32767.json","cwe_ids":["CWE-863","CWE-89"]},"references":[{"type":"WEB","url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32767.json"},{"type":"ADVISORY","url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-j7wh-x834-p3r7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32767"},{"type":"REPORT","url":"https://github.com/siyuan-note/siyuan/issues/17209"},{"type":"FIX","url":"https://github.com/siyuan-note/siyuan/commit/d5e2d0bce0dffef5f61bd8066954bc2d41181fc5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/siyuan-note/siyuan","events":[{"introduced":"0"},{"fi
xed":"d5e2d0bce0dffef5f61bd8066954bc2d41181fc5"}]},{"type":"GIT","repo":"https://github.com/siyuan-note/siyuan","events":[{"introduced":"0"},{"fixed":"fe4523fff2c84d6b06856331e735cc2938c2c5b0"}]}],"versions":["dev2.0.17-1","dev2.0.17-2","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.1-x2","v0.4.2","v0.4.3","v0.4.3-x1","v0.4.32","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.4.91","v0.4.92","v0.4.93","v0.4.94","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.5.41","v0.5.42","v0.5.43","v0.5.44","v0.5.45","v0.5.46","v0.5.5","v0.5.6","v0.5.6-alpha1","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.8","v0.7.0","v0.7.1","v0.7.5","v0.7.8","v0.8.0","v0.8.5","v0.9.0","v0.9.2","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.81","v1.1.82","v1.1.83","v1.2.0","v1.2.0-beta1","v1.2.0-beta10","v1.2.0-beta11","v1.2.0-beta12","v1.2.0-beta13","v1.2.0-beta14","v1.2.0-beta15","v1.2.0-beta16","v1.2.0-beta2","v1.2.0-beta3","v1.2.0-beta4","v1.2.0-beta5","v1.2.0-beta6","v1.2.0-beta7","v1.2.0-beta8","v1.2.0-beta9","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.2.1","v1.2.2","v1.2.3","v1.2.31","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.5-beta1","v1.5.5-beta2","v1.5.5-beta3","v1.5.6","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.7.0","v1.7.1","v1.7.10","v1.7.11","v1.7.2","v1.7.3","v1.7.4","v1.7.5
","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.8.1","v1.8.2","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9","v2.0.0","v2.0.0-beta1","v2.0.0-beta2","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.15-dev1","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.20-dev1","v2.0.21","v2.0.21-dev1","v2.0.22","v2.0.23","v2.0.24","v2.0.25","v2.0.26","v2.0.26-dev1","v2.0.26-dev2","v2.0.27","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.0-dev1","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.2","v2.1.3","v2.1.3-dev1","v2.1.4","v2.1.5","v2.1.6","v2.1.6-dev1","v2.1.7","v2.1.8","v2.1.8-dev1","v2.1.9","v2.10.0","v2.10.1","v2.10.1-dev1","v2.10.10","v2.10.10-dev1","v2.10.11","v2.10.11-dev1","v2.10.11-dev2","v2.10.11-dev3","v2.10.12","v2.10.12-dev1","v2.10.12-dev2","v2.10.13","v2.10.13-dev1","v2.10.13-dev2","v2.10.13-dev3","v2.10.13-dev4","v2.10.13-dev5","v2.10.14","v2.10.14-dev1","v2.10.14-dev2","v2.10.15","v2.10.15-dev1","v2.10.15-dev2","v2.10.15-dev3","v2.10.16","v2.10.16-dev1","v2.10.16-dev2","v2.10.16-dev3","v2.10.2","v2.10.2-dev1","v2.10.3","v2.10.3-dev1","v2.10.3-dev2","v2.10.3-dev3","v2.10.4","v2.10.4-dev1","v2.10.4-dev2","v2.10.4-dev3","v2.10.5","v2.10.5-dev1","v2.10.5-dev2","v2.10.6","v2.10.6-dev1","v2.10.6-dev2","v2.10.6-dev3","v2.10.6-dev4","v2.10.7","v2.10.8","v2.10.8-dev1","v2.10.8-dev2","v2.10.8-dev3","v2.10.9","v2.10.9-dev1","v2.10.9-dev2","v2.10.9-dev3","v2.10.9-dev4","v2.10.9-dev5","v2.11.0","v2.11.0-dev1","v2.11.0-dev2","v2.11.0-dev3","v2.11.1","v2.11.1-dev1","v2.11.1-dev2","v2.11.1-dev3","v2.11.2","v2.11.2-dev1","v2.11.2-dev2","v2.11.2-dev3","v2.11.2-dev4","v2.11.2-dev5","v2.11.2-dev6","v2.11.3","v2.11.3-dev1","v2.11.3-dev2","v2.11.4","v2.11.4-dev1","v2.11.4-dev2","v2.11.4-dev3","v2.11.4-dev4","v2.11.4-dev5","v2.11.4-dev6","v2.12.0","v2.12.0-dev1","v2.12.1","v2.12.1-dev1","v2.12.1-
dev2","v2.12.1-dev3","v2.12.2","v2.12.3","v2.12.3-dev1","v2.12.3-dev2","v2.12.3-dev3","v2.12.4","v2.12.4-dev1","v2.12.4-dev2","v2.12.5","v2.12.6","v2.12.6-dev1","v2.12.7","v2.12.7-dev1","v2.12.7-dev2","v2.12.8","v2.12.8-dev1","v2.12.8-dev2","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.4.0","v2.4.1","v2.4.10","v2.4.11","v2.4.12","v2.4.12-dev1","v2.4.12-dev2","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.4.9","v2.5.0","v2.5.0-dev1","v2.5.0-dev2","v2.5.1","v2.5.1-dev1","v2.5.1-dev2","v2.5.1-dev3","v2.5.1-dev4","v2.5.1-dev5","v2.5.2","v2.5.2-dev1","v2.5.2-dev2","v2.5.2-dev3","v2.5.3","v2.5.3-dev1","v2.5.3-dev2","v2.5.4","v2.5.4-dev1","v2.5.4-dev2","v2.5.5","v2.5.5-dev1","v2.6.0","v2.6.0-dev1","v2.6.0-dev2","v2.6.0-dev3","v2.6.1","v2.6.1-dev1","v2.6.1-dev2","v2.6.1-dev3","v2.6.1-dev4","v2.6.1-dev5","v2.6.1-dev6","v2.6.1-dev7","v2.6.2","v2.6.3","v2.6.3-dev1","v2.6.3-dev2","v2.6.3-dev3","v2.6.3-dev4","v2.6.3-dev5","v2.6.3-dev6","v2.7.0","v2.7.0-dev1","v2.7.0-dev2","v2.7.1","v2.7.1-dev1","v2.7.1-dev2","v2.7.1-dev3","v2.7.1-dev4","v2.7.1-dev5","v2.7.10","v2.7.2","v2.7.2-dev1","v2.7.2-dev2","v2.7.2-dev3","v2.7.3","v2.7.3-dev1","v2.7.3-dev2","v2.7.3-dev3","v2.7.3-dev4","v2.7.4","v2.7.4-dev1","v2.7.5","v2.7.5-dev1","v2.7.5-dev2","v2.7.6","v2.7.6-dev1","v2.7.6-dev2","v2.7.6-dev3","v2.7.6-dev4","v2.7.6-dev5","v2.7.7","v2.7.7-dev1","v2.7.7-dev2","v2.7.7-dev3","v2.7.7-dev4","v2.7.8","v2.7.8-dev1","v2.7.9","v2.7.9-dev1","v2.7.9-dev2","v2.8.0","v2.8.0-dev1","v2.8.0-dev2","v2.8.0-dev3","v2.8.1","v2.8.1-dev1","v2.8.1-dev2","v2.8.1-dev3","v2.8.10","v2.8.10-dev1","v2.8.10-dev2","v2.8.10-dev3","v2.8.10-dev4","v2.8.10-dev5","v2.8.2","v2.8.2-dev1","v2.8.2-dev2","v2.8.3","v2.8.3-dev1","v2.8.4","v2.8.4-dev1","v2.8.4-dev2","v2.8.5","v2.8.5-dev1","v2.8.5-dev2","v2.8.5-dev3","v2.8.6","v2.8.6-dev1","v2.8.6-dev2","v2.8.6-dev3","v2.8.6-dev4","v2.8.7","v2.8.7-dev1","v2.8.7-dev2","v2.8.7-dev3","v2.8.7-dev4","v2.8.7-dev5","v2.8.8","v2.8.8-dev1","v2.8
.8-dev2","v2.8.8-dev3","v2.8.9","v2.8.9-dev1","v2.8.9-dev2","v2.8.9-dev3","v2.9.0","v2.9.0-dev1","v2.9.0-dev2","v2.9.1","v2.9.1-dev1","v2.9.1-dev2","v2.9.2","v2.9.2-dev1","v2.9.2-dev2","v2.9.2-dev3","v2.9.3","v2.9.3-dev1","v2.9.3-dev2","v2.9.3-dev3","v2.9.3-dev4","v2.9.4","v2.9.4-dev1","v2.9.4-dev2","v2.9.5","v2.9.5-dev1","v2.9.5-dev2","v2.9.6","v2.9.6-dev1","v2.9.7","v2.9.7-dev1","v2.9.7-dev2","v2.9.7-dev3","v2.9.8","v2.9.8-dev1","v2.9.8-dev2","v2.9.9","v2.9.9-dev1","v2.9.9-dev2","v202205311650-dev","v3.0.0","v3.0.0-dev1","v3.0.0-dev2","v3.0.1","v3.0.1-dev1","v3.0.1-dev2","v3.0.10","v3.0.10-dev1","v3.0.10-dev2","v3.0.10-dev3","v3.0.10-dev4","v3.0.10-dev5","v3.0.11","v3.0.11-dev1","v3.0.11-dev2","v3.0.11-dev3","v3.0.12","v3.0.12-dev1","v3.0.12-dev2","v3.0.12-dev3","v3.0.12-dev4","v3.0.12-dev5","v3.0.13","v3.0.13-dev1","v3.0.13-dev2","v3.0.13-dev3","v3.0.13-dev4","v3.0.14","v3.0.14-dev1","v3.0.14-dev2","v3.0.15","v3.0.15-dev1","v3.0.15-dev2","v3.0.16","v3.0.16-dev1","v3.0.16-dev2","v3.0.16-dev3","v3.0.17","v3.0.17-dev1","v3.0.17-dev2","v3.0.2","v3.0.2-dev1","v3.0.2-dev2","v3.0.3","v3.0.3-dev1","v3.0.3-dev2","v3.0.3-dev3","v3.0.3-dev4","v3.0.3-dev5","v3.0.3-dev6","v3.0.3-dev7","v3.0.4","v3.0.4-dev1","v3.0.4-dev2","v3.0.4-dev3","v3.0.5","v3.0.5-dev1","v3.0.5-dev2","v3.0.5-dev3","v3.0.5-dev4","v3.0.5-dev5","v3.0.6","v3.0.6-dev1","v3.0.6-dev2","v3.0.6-dev3","v3.0.7","v3.0.7-dev1","v3.0.8","v3.0.8-dev1","v3.0.8-dev2","v3.0.9","v3.1.0","v3.1.0-dev1","v3.1.0-dev10","v3.1.0-dev11","v3.1.0-dev12","v3.1.0-dev2","v3.1.0-dev3","v3.1.0-dev4","v3.1.0-dev5","v3.1.0-dev6","v3.1.0-dev7","v3.1.0-dev8","v3.1.0-dev9","v3.1.1","v3.1.1-dev1","v3.1.1-dev2","v3.1.10","v3.1.10-dev1","v3.1.10-dev2","v3.1.10-dev3","v3.1.10-dev4","v3.1.10-dev5","v3.1.10-dev6","v3.1.11","v3.1.11-dev1","v3.1.11-dev10","v3.1.11-dev11","v3.1.11-dev2","v3.1.11-dev3","v3.1.11-dev4","v3.1.11-dev5","v3.1.11-dev6","v3.1.11-dev7","v3.1.11-dev8","v3.1.11-dev9","v3.1.12","v3.1.12-dev1","v3.1.12-dev2","v3.1.12-dev3","v3.1.1
2-dev4","v3.1.12-dev5","v3.1.12-dev6","v3.1.13","v3.1.14","v3.1.14-dev1","v3.1.14-dev2","v3.1.14-dev3","v3.1.14-dev4","v3.1.14-dev5","v3.1.14-dev6","v3.1.14-dev7","v3.1.15","v3.1.15-dev1","v3.1.15-dev2","v3.1.15-dev3","v3.1.16","v3.1.16-dev1","v3.1.16-dev2","v3.1.17","v3.1.17-dev1","v3.1.17-dev2","v3.1.18","v3.1.18-dev1","v3.1.18-dev2","v3.1.19","v3.1.19-dev1","v3.1.19-dev2","v3.1.19-dev3","v3.1.2","v3.1.2-dev1","v3.1.2-dev2","v3.1.2-dev3","v3.1.2-dev4","v3.1.20","v3.1.20-dev1","v3.1.20-dev2","v3.1.20-dev3","v3.1.20-dev4","v3.1.21","v3.1.21-dev1","v3.1.21-dev2","v3.1.21-dev3","v3.1.21-dev4","v3.1.22","v3.1.22-dev1","v3.1.22-dev2","v3.1.23","v3.1.23-dev1","v3.1.23-dev2","v3.1.24","v3.1.24-dev1","v3.1.24-dev2","v3.1.24-dev3","v3.1.25","v3.1.25-dev1","v3.1.25-dev2","v3.1.25-dev3","v3.1.25-dev4","v3.1.25-dev5","v3.1.25-dev6","v3.1.26","v3.1.26-dev1","v3.1.26-dev2","v3.1.26-dev3","v3.1.27","v3.1.27-dev1","v3.1.27-dev2","v3.1.27-dev3","v3.1.27-dev4","v3.1.28","v3.1.28-dev1","v3.1.28-dev2","v3.1.28-dev3","v3.1.29","v3.1.29-dev1","v3.1.29-dev2","v3.1.29-dev3","v3.1.29-dev4","v3.1.29-dev5","v3.1.29-dev6","v3.1.29-dev7","v3.1.3","v3.1.3-dev1","v3.1.3-dev2","v3.1.30","v3.1.30-dev1","v3.1.31","v3.1.31-dev1","v3.1.31-dev2","v3.1.32","v3.1.32-dev1","v3.1.32-dev2","v3.1.32-dev3","v3.1.32-dev4","v3.1.32-dev5","v3.1.4","v3.1.4-dev1","v3.1.4-dev2","v3.1.4-dev3","v3.1.4-dev4","v3.1.4-dev5","v3.1.5","v3.1.5-dev1","v3.1.5-dev2","v3.1.6","v3.1.6-dev1","v3.1.6-dev2","v3.1.7","v3.1.7-dev1","v3.1.7-dev2","v3.1.7-dev3","v3.1.7-dev4","v3.1.7-dev5","v3.1.7-dev6","v3.1.7-dev7","v3.1.7-dev8","v3.1.8","v3.1.8-dev1","v3.1.8-dev2","v3.1.8-dev3","v3.1.9","v3.1.9-dev1","v3.1.9-dev10","v3.1.9-dev2","v3.1.9-dev3","v3.1.9-dev4","v3.1.9-dev5","v3.1.9-dev6","v3.1.9-dev7","v3.1.9-dev8","v3.1.9-dev9","v3.2.0","v3.2.0-dev1","v3.2.0-dev10","v3.2.0-dev2","v3.2.0-dev3","v3.2.0-dev4","v3.2.0-dev5","v3.2.0-dev6","v3.2.0-dev7","v3.2.0-dev8","v3.2.0-dev9","v3.2.1","v3.2.1-dev1","v3.2.1-dev2","v3.2.1-dev3","v3.2.1-d
ev4","v3.2.1-dev5","v3.2.1-dev6","v3.3.0","v3.3.0-dev1","v3.3.0-dev2","v3.3.0-dev3","v3.3.0-dev4","v3.3.0-dev5","v3.3.0-dev6","v3.3.0-dev7","v3.3.1","v3.3.1-dev1","v3.3.2","v3.3.2-dev1","v3.3.2-dev2","v3.3.3","v3.3.3-dev1","v3.3.3-dev2","v3.3.3-dev3","v3.3.3-dev4","v3.3.3-dev5","v3.3.4","v3.3.4-dev1","v3.3.4-dev2","v3.3.5","v3.3.5-dev1","v3.3.6","v3.3.6-dev1","v3.3.6-dev2","v3.4.0","v3.4.0-dev1","v3.4.0-dev2","v3.4.0-dev3","v3.4.0-dev4","v3.4.0-dev5","v3.4.1","v3.4.1-dev1","v3.4.1-dev2","v3.4.2","v3.4.2-dev1","v3.5.0","v3.5.0-dev1","v3.5.0-dev2","v3.5.1","v3.5.1-dev1","v3.5.1-dev2","v3.5.10","v3.5.2","v3.5.2-dev1","v3.5.2-dev2","v3.5.3","v3.5.3-dev1","v3.5.3-dev2","v3.5.3-dev3","v3.5.3-dev4","v3.5.3-dev5","v3.5.3-dev6","v3.5.4","v3.5.4-dev1","v3.5.4-dev2","v3.5.4-dev3","v3.5.4-dev4","v3.5.4-dev5","v3.5.4-dev6","v3.5.5","v3.5.5-dev1","v3.5.5-dev2","v3.5.6","v3.5.6-dev1","v3.5.7","v3.5.8","v3.5.8-dev1","v3.5.8-dev2","v3.5.9","v3.5.9-dev1","v3.5.9-dev2","v3.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32767.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}