CVE-2026-32750

Exploit

EPSS 0.43%
Veröffentlicht 19.03.2026 21:15:32
Zuletzt bearbeitet 23.03.2026 18:09:19
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them searchable and accessible to all workspace users. Data persists in the workspace database across restarts and is accessible to Publish Service Reader accounts. Combined with the renderSprig SQL injection ( separate advisory ), a non-admin user can then read all imported secrets without any additional privileges. This issue has been fixed in version 3.6.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

B3log ≫ Siyuan Version < 3.6.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.343

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1

Release Notes

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-rjhh-m223-9qqv

Vendor Advisory

Exploit

https://github.com/siyuan-note/siyuan/commit/13b6d3d45e83525654d120f32a3fdc5d9e95df0b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-32750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32750

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32750