CVE-2026-40259 | SiYuan up to 3.6.3 removeUnusedAttributeView ID improper authorization (GHSA-7m5h-w69j-qggg)

A vulnerability classified as critical was found in SiYuan up to 3.6.3. Affected is an unknown function of the file /api/av/removeUnusedAttributeView. Executing a manipulation of the argument ID can lead to improper authorization.

The identification of this vulnerability is CVE-2026-40259. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More