VYPR
High severity7.5OSV Advisory· Published Jan 19, 2026· Updated Apr 29, 2026

CVE-2026-23850

CVE-2026-23850

Description

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/siyuan-note/siyuan/kernelGo
< 0.0.0-20260118092326-b2274baba2e10.0.0-20260118092326-b2274baba2e1

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.