CVE-2026-32747
Path Traversal in SiYuan 3.6.0 Allows Sensitive File Exfiltration
Publication date: 2026-03-19
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| b3log | siyuan | up to 3.6.1 (excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32747 is a vulnerability in the SiYuan personal knowledge management system, versions 3.6.0 and below. It arises from improper handling of file path checks in the globalCopyFiles API, which reads source files using filepath.Abs() without enforcing workspace boundary restrictions.

The system relies solely on a function called util.IsSensitivePath() to block sensitive file paths. However, this function's blocklist is incomplete and omits critical sensitive directories such as /proc/, /run/secrets/, and user home directory dotfiles (e.g., .aws/credentials, .ssh/id_rsa).

As a result, an administrator can exploit this flaw to copy sensitive files like /proc/1/environ (which contains environment variables including secrets), Docker secrets stored under /run/secrets/, and private user credentials into the workspace directory. These files can then be accessed and read via the standard file API.

The vulnerability is due to insufficient path normalization and incomplete prefix checking in the sensitive path detection function, allowing unauthorized access to sensitive files outside the intended workspace boundaries. [1, 2]
How can this vulnerability impact me?
This vulnerability allows an administrator with access to the SiYuan API to exfiltrate any file readable by the SiYuan process that is not blocked by the incomplete sensitive path blocklist.
In containerized deployments, this includes all injected secrets and environment variables, which are commonly used to pass credentials to containers.
- Exposure of sensitive environment variables such as database credentials and API keys.
- Access to Docker secrets stored in /run/secrets/.
- Reading private user credentials and configuration files from home directory dotfiles.
The exfiltrated files remain accessible via the workspace file API until manually deleted, increasing the risk of data leakage.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized file copy operations via the SiYuan API endpoint `/api/file/globalCopyFiles` that access sensitive files outside the workspace boundary, such as `/proc/1/environ` or files under `/run/secrets/`.

Since the vulnerability involves an admin user exploiting the API to copy sensitive files, detection can involve inspecting API request logs for POST requests to `/api/file/globalCopyFiles` with suspicious source file paths.

Suggested commands to detect exploitation attempts include:
- Use network monitoring tools (e.g., tcpdump, Wireshark) to filter HTTP POST requests to `/api/file/globalCopyFiles`.
- Search SiYuan server logs for POST requests containing file paths like `/proc/1/environ` or paths under `/run/secrets/`.
- On the host system, run commands to find recently copied or created files in the workspace directory that match sensitive filenames, for example: `find /path/to/workspace -type f \( -name '*environ*' -o -name '*credentials*' -o -name 'id_*' \) -exec ls -l {} +` (the parentheses group the `-name` alternatives so that `-type f` and `-exec` apply to every one of them). [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade SiYuan to version 3.6.1 or later, where the vulnerability has been fixed by improving the sensitive path checks and enforcing workspace boundary restrictions.
Until the upgrade is applied, restrict admin access to the SiYuan API to trusted users only, as exploitation requires admin privileges.
Additionally, monitor and audit file copy operations via the `/api/file/globalCopyFiles` endpoint and manually delete any unauthorized sensitive files copied into the workspace.
In containerized environments, consider limiting the SiYuan process permissions and avoid mounting sensitive host directories into the workspace volume.
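The explanation above attributes the flaw to an incomplete prefix blocklist, and the fix description to enforcing a workspace boundary. The following Go example, added here and not SiYuan's own code, places a constructed blocklist in that style next to the boundary check a copy API should apply to every source path; the blocklist entries, the function names and the workspace root `/srv/siyuan/workspace` are assumptions for the demonstration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Prefix blocklist in the style the advisory attributes to util.IsSensitivePath():
// constructed here, and like the real one it lists nothing under /proc/, /run/secrets/ or dotfiles.
var incompleteBlocklist = []string{"/etc/", "/root/", "/var/lib/"}

func blockedByList(p string) bool {
	p = filepath.Clean(p)
	for _, prefix := range incompleteBlocklist {
		if strings.HasPrefix(p, prefix) {
			return true
		}
	}
	return false
}

// withinWorkspace is the boundary check a copy API should apply to every source path instead of
// a blocklist: absolute + clean, symlinks resolved where the path exists, then it must lie under root.
func withinWorkspace(root, p string) (string, error) {
	absRoot := filepath.Clean(root) // assumed: root is an absolute, non-symlinked path from configuration
	absPath, err := filepath.Abs(p)
	if err != nil {
		return "", err
	}
	if r, err := filepath.EvalSymlinks(absPath); err == nil {
		absPath = r
	}
	rel, err := filepath.Rel(absRoot, absPath)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("source path %q escapes workspace %q", p, absRoot)
	}
	return absPath, nil
}

func main() {
	root := "/srv/siyuan/workspace" // assumed workspace root for the demo
	for _, p := range []string{root + "/data/note.sy", "/proc/1/environ", "/run/secrets/db_password"} {
		_, err := withinWorkspace(root, p)
		fmt.Printf("%-35s blocklist=%-5t boundary-ok=%t\n", p, blockedByList(p), err == nil)
	}
}
```

The blocklist passes both sensitive paths while the boundary check rejects them, which is why an allowlist on the workspace root is the durable fix rather than a longer blocklist.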