TROYANOSYVIRUS
Retour aux CVEs

CVE-2026-32750

MEDIUM
6.8

Description

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them searchable and accessible to all workspace users. Data persists in the workspace database across restarts and is accessible to Publish Service Reader accounts. Combined with the renderSprig SQL injection ( separate advisory ), a non-admin user can then read all imported secrets without any additional privileges. This issue has been fixed in version 3.6.1.

Details CVE

Score CVSS v3.16.8
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie3/19/2026
Derniere modification3/23/2026
Sourcenvd
Observations honeypot0

Produits affectes

b3log:siyuan

Faiblesses (CWE)

CWE-22CWE-552

References

https://github.com/siyuan-note/siyuan/commit/13b6d3d45e83525654d120f32a3fdc5d9e95df0b(security-advisories@github.com)
https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1(security-advisories@github.com)
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-rjhh-m223-9qqv(security-advisories@github.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.