A vulnerability, which was classified as problematic, was found in siyuan-note SiYuan up to 3.7.0. This vulnerability affects the function serveSnippets of the file kernel/server/serve.go of the component Route Handler. The manipulation of the argument filepath results in information disclosure.

This vulnerability was named CVE-2026-59832. The attack may be performed from remote. There is no available exploit.