← Retour aux CVEs
CVE-2026-32110
HIGH8.3
Description
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0.
Details CVE
Score CVSS v3.18.3
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/11/2026
Derniere modification3/13/2026
Sourcenvd
Observations honeypot0
Produits affectes
b3log:siyuan
Faiblesses (CWE)
CWE-918
References
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.