Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service
Description
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: SiYuan
PRODUCT: SiYuan Knowledge Management System
AFFECTED_VERSIONS: 3.6.0 and below
---END_METADATA---
Description Summary:
SiYuan versions 3.6.0 and below contain an authorization bypass in the search endpoint, allowing authenticated users to execute arbitrary SQL statements against the underlying SQLite database.
Executive Summary:
A critical authorization bypass vulnerability in SiYuan allows any authenticated user, including those with restricted permissions, to execute arbitrary SQL commands and potentially compromise the entire application database.
Vulnerability Details
CVE-ID: CVE-2026-32767
Affected Software: SiYuan Knowledge Management System
Affected Versions: 3.6.0 and below
Vulnerability: This flaw exists in the
/api/search/fullTextSearchBlockendpoint when themethodparameter is set to 2. An authenticated attacker with "Reader" role privileges can bypass security middleware to inject raw SQL statements directly into the SQLite database.Business Impact
A successful exploit grants an attacker full control over the application's data layer. This results in total loss of data confidentiality, integrity, and availability, as an attacker can exfiltrate, modify, or delete all stored knowledge and system tables. The CVSS score of 9.8 reflects the critical nature of this flaw, where a low-privileged user can cause catastrophic system-wide impact.
Remediation Plan
Immediate Action: Administrators must upgrade SiYuan to version 3.6.1 or later immediately to apply the necessary authorization and read-only checks to the affected endpoint.
Proactive Monitoring: Review application logs for unusual activity involving the
/api/search/fullTextSearchBlockendpoint, specifically looking for SQL syntax or the use ofmethod=2by non-admin users.Compensating Controls: Restrict network access to the SiYuan instance to trusted IP addresses and consider implementing a Web Application Firewall (WAF) to filter for common SQL injection patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the ease of exploitation by any authenticated user and the critical impact on data integrity, the potential for internal or external exploitation is extremely high.
Analyst Recommendation
The severity of this vulnerability cannot be overstated, as it completely bypasses the application's security model. Organizations using SiYuan should prioritize the update to version 3.6.1. Failure to remediate this flaw leaves the entire knowledge base vulnerable to unauthorized manipulation or permanent deletion by any user with basic access.