CVE-2026-32747

Exploit

EPSS 0.06%
Veröffentlicht 19.03.2026 21:17:10
Zuletzt bearbeitet 23.03.2026 18:23:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API  eads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

B3log ≫ Siyuan Version < 3.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/siyuan-note/siyuan/commit/9914fd1d39e5f0a8dcc9fb587e1c0b46f31490a1

Patch

https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1

Release Notes

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h5vh-m7fg-w5h6

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-32747

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32747

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32747

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32747