CVE-2026-23850
Unrestricted HTML Rendering in SiYuan Markdown Enables Arbitrary File Read

Publication date: 2026-01-19

Last updated on: 2026-04-29

Assigner: GitHub, Inc.

Description
SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which permits arbitrary file read (local file disclosure, LFD). Version 3.5.4 fixes the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor        Product   Version / Range
siyuan_note   siyuan    up to 3.5.4 (exclusive)
siyuan_note   siyuan    3.5.4
CWE
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal"): The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
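As an added illustration of the CWE-22 pattern above (example code written for this page, not SiYuan's own code): a resolver that joins user input onto a base directory with no containment check, beside a hardened version that refuses URI schemes and absolute paths and compares the real path against the root. The asset root, the function names and the temporary-directory layout are assumptions made for the example; the symlink demo shows why a purely lexical check is not enough.

```python
import os
import tempfile
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed root for illustration only; the page does not describe SiYuan's layout.
ASSET_ROOT = "/srv/siyuan/workspace/assets"


def resolve_asset_vulnerable(root, user_path):
    """The CWE-22 pattern: join user input onto the root and normalise, with no
    check that the result is still inside root. '../' segments escape, and an
    absolute user_path makes os.path.join discard the root entirely."""
    return os.path.normpath(os.path.join(root, user_path))


def resolve_asset_safe(root, user_path):
    """Return the resolved absolute path if it lies under root, else None."""
    # URI schemes (file://, http://) are not file names; refuse them outright.
    if urlparse(user_path).scheme:
        return None
    # NUL bytes truncate paths in C APIs; backslashes are separators on Windows.
    if "\x00" in user_path or "\\" in user_path:
        return None
    # Only relative references are acceptable.
    if PurePosixPath(user_path).is_absolute():
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # Containment check with a trailing separator, so that a sibling directory
    # such as 'assets_evil' is not mistaken for a child of 'assets'.
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        return None
    return candidate


def symlink_escape_demo():
    """Symlinks defeat a lexical check. Create root/escape -> parent directory,
    then request 'escape/secret.txt': normpath-based containment passes (the
    string still starts with root), realpath-based containment rejects it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "assets")
        os.mkdir(root)
        os.symlink(tmp, os.path.join(root, "escape"))
        requested = "escape/secret.txt"
        lexical = os.path.normpath(os.path.join(root, requested))
        lexical_passes = lexical.startswith(root + os.sep)
        return lexical_passes, resolve_asset_safe(root, requested)


if __name__ == "__main__":
    for req in ["img/cat.png", "../../../../etc/passwd", "/etc/passwd",
                "file:///etc/passwd", "../assets_evil/x.png"]:
        print(f"{req!r:32} vulnerable -> {resolve_asset_vulnerable(ASSET_ROOT, req)}")
        print(f"{'':32} safe       -> {resolve_asset_safe(ASSET_ROOT, req)}")
    print("symlink escape (lexical passes, safe result):", symlink_escape_demo())
```

The hardened resolver is a containment check on the final resolved path rather than a blocklist of `..` strings, which is the difference that matters for encoded, doubled or symlinked variants of the same traversal.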
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows arbitrary file reading on the server, which can lead to unauthorized access to sensitive files and data. This unauthorized access poses a risk of data breaches involving personal or sensitive information, potentially violating compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and health-related data. Therefore, exploitation of this vulnerability could result in non-compliance with such regulations due to inadequate data protection and potential exposure of confidential information. The recommended mitigation is to upgrade to version 3.5.4 or later where the issue is fixed. [5, 6]


Can you explain this vulnerability to me?

CVE-2026-23850 is an arbitrary file read vulnerability in the Siyuan Note personal knowledge management system versions prior to 3.5.4. It arises because the markdown feature allows unrestricted server-side HTML rendering without proper sanitization, enabling attackers to read arbitrary files on the server. The vulnerability is due to insufficient validation of file paths when processing markdown input, which can be exploited to access sensitive files. Additionally, the vulnerability includes a server-side request forgery (SSRF) component that allows attackers to access internal hosts. The issue was fixed in version 3.5.4. [1, 5, 6]


How can this vulnerability impact me?

This vulnerability can have severe impacts as it allows attackers to read any file on the server, including sensitive system and user files such as /etc/passwd, configuration files, and private keys. It also enables SSRF attacks, allowing attackers to reach internal hosts that are otherwise inaccessible. This can lead to unauthorized disclosure of sensitive information, potential further exploitation of internal systems, and compromise of the affected server's confidentiality and integrity. [5, 6]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying if your Siyuan Note installation is running a vulnerable version prior to 3.5.4 and if the markdown feature is being exploited to perform arbitrary file reads. A practical approach includes monitoring HTTP requests to the server for suspicious markdown document creation or asset retrieval patterns, especially requests embedding file:// URIs or unusual URLs in markdown content. Since a proof-of-concept Python script exists that authenticates and creates markdown documents to read files, network traffic analysis tools (e.g., tcpdump, Wireshark) can be used to detect such suspicious POST requests to markdown creation endpoints and GET requests to /assets/ paths retrieving unexpected file contents.

Specific commands might include:

1. Using curl or similar to check the version: `curl -s http://your-siyuan-instance/version` (if a version endpoint exists), or checking the application version directly.
2. Using tcpdump to capture HTTP traffic: `tcpdump -i eth0 -A port 80 or port 443 | grep -i 'file://'` to detect file URI usage in requests.
3. Reviewing server logs for markdown document creation requests containing suspicious payloads.

However, no explicit detection commands or signatures are provided in the resources. [6]
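As an added example that is not part of the answer above and not SiYuan tooling: Python implementing the two checks the answer describes, a numeric version comparison against 3.5.4 and a scan of access-log lines for markdown-creation POSTs carrying file:// references and /assets/ GETs with traversal segments. The log lines are constructed for the example; the trailing body="..." field (as a reverse proxy could be configured to log) and the POST endpoint name are assumptions, so confirm the endpoint against your own instance.

```python
import re
from urllib.parse import unquote

# Version at which the advisory says the issue is fixed.
FIXED_VERSION = (3, 5, 4)


def parse_version(text):
    """'v3.5.3' or '3.5.3' -> (3, 5, 3). Numeric tuples avoid the string-compare
    pitfall where '3.5.10' < '3.5.4'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_version(text):
    return parse_version(text) < FIXED_VERSION


# Constructed sample access-log lines (not real SiYuan logs): combined log
# format plus an optional body="..." excerpt. The POST endpoint is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jan/2026:10:00:01 +0000] "GET /assets/20260119-cat.png HTTP/1.1" 200 4021',
    '10.0.0.9 - - [19/Jan/2026:10:00:07 +0000] "POST /api/filetree/createDocWithMd HTTP/1.1" 200 77 body="![x](file:///etc/passwd)"',
    '10.0.0.9 - - [19/Jan/2026:10:00:09 +0000] "GET /assets/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1313',
    '10.0.0.3 - - [19/Jan/2026:10:01:15 +0000] "POST /api/filetree/createDocWithMd HTTP/1.1" 200 70 body="# Meeting notes"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: body="(?P<body>.*)")?$'
)
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")   # a '..' path segment
FILE_URI = re.compile(r"file://", re.IGNORECASE)


def classify(line):
    """Return finding labels for one log line: [] if benign, None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    # One level of percent-decoding; add a second pass if you expect double encoding.
    path = unquote(m["path"])
    if m["method"] == "GET" and path.startswith("/assets/") and TRAVERSAL.search(path):
        findings.append("asset-path-traversal")
    body = unquote(m["body"] or "")
    if m["method"] == "POST" and (FILE_URI.search(body) or TRAVERSAL.search(body)):
        findings.append("markdown-body-file-reference")
    return findings


def scan_log(lines):
    """Return one record per line that produced at least one finding."""
    hits = []
    for line in lines:
        findings = classify(line)
        if findings:
            m = LOG_RE.match(line)
            hits.append({"ip": m["ip"], "method": m["method"],
                         "path": m["path"], "findings": findings})
    return hits


if __name__ == "__main__":
    for v in ["v3.5.3", "3.5.4", "3.5.10"]:
        print(f"{v}: vulnerable={is_vulnerable_version(v)}")
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The body check only works where request bodies are visible in cleartext, that is, at a reverse proxy or on the application host; traffic captured after TLS termination on the wire will not contain the `file://` string.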


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Siyuan Note to version 3.5.4 or later, where the vulnerability has been fixed. This version includes proper sanitization of markdown input and improved validation to prevent arbitrary file reads and SSRF attacks. Until the upgrade can be applied, restrict access to the Siyuan Note service to trusted users only, monitor for suspicious activity involving markdown document creation, and consider disabling or restricting the markdown feature if possible. Applying network-level protections such as firewall rules to limit external access to the service and internal hosts can also reduce risk. [6]

