Tag
SiYuan versions 3.6.3 and below are vulnerable to unauthorized attribute view deletion via the /api/av/removeUnusedAttributeView endpoint, allowing authenticated users with publish-service RoleReader tokens to delete arbitrary attribute view definitions, leading to database view breakage and workspace rendering issues.