CVE-2026-45147 | SiYuan up to 3.6.x /api/tag/getTag model.Conf.Save sort improper authorization (GHSA-6r88-8v7q-q4p2)

A vulnerability marked as critical has been reported in SiYuan up to 3.6.x. The affected element is the function model.Conf.Save of the file /api/tag/getTag. Performing a manipulation of the argument sort results in improper authorization.

This vulnerability is known as CVE-2026-45147. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More