A vulnerability marked as critical has been reported in SiYuan up to 3.6.x . The affected element is the function model.Conf.Save of the file /api/tag/getTag . Performing a manipulation of the argument sort results in improper authorization. This vulnerability is known as CVE-2026-45147 . Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.