A vulnerability was found in siyuan-note SiYuan up to 3.7.0 and classified as critical. Impacted is an unknown function of the file /api/search/fullTextSearchBlock of the component Block Search Endpoint. Such manipulation of the argument paths leads to sql injection.
This vulnerability is referenced as CVE-2026-59834. It is possible to launch the attack remotely. No exploit is available.