CVE-2026-32747
Received Received - Intake
Path Traversal in SiYuan 3.6.0 Allows Sensitive File Exfiltration

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: GitHub, Inc.

Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32747
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
b3log siyuan to 3.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32747 is a vulnerability in the SiYuan personal knowledge management system, versions 3.6.0 and below. It arises from improper handling of file path checks in the globalCopyFiles API, which reads source files using filepath.Abs() without enforcing workspace boundary restrictions.'}, {'type': 'paragraph', 'content': "The system relies solely on a function called util.IsSensitivePath() to block sensitive file paths. However, this function's blocklist is incomplete and omits critical sensitive directories such as /proc/, /run/secrets/, and user home directory dotfiles (e.g., .aws/credentials, .ssh/id_rsa)."}, {'type': 'paragraph', 'content': 'As a result, an administrator can exploit this flaw to copy sensitive files like /proc/1/environ (which contains environment variables including secrets), Docker secrets stored under /run/secrets/, and private user credentials into the workspace directory. These files can then be accessed and read via the standard file API.'}, {'type': 'paragraph', 'content': 'The vulnerability is due to insufficient path normalization and incomplete prefix checking in the sensitive path detection function, allowing unauthorized access to sensitive files outside the intended workspace boundaries.'}] [1, 2]

Impact Analysis

This vulnerability allows an administrator with access to the SiYuan API to exfiltrate any file readable by the SiYuan process that is not blocked by the incomplete sensitive path blocklist.

In containerized deployments, this includes all injected secrets and environment variables, which are commonly used to pass credentials to containers.

  • Exposure of sensitive environment variables such as database credentials and API keys.
  • Access to Docker secrets stored in /run/secrets/.
  • Reading private user credentials and configuration files from home directory dotfiles.

The exfiltrated files remain accessible via the workspace file API until manually deleted, increasing the risk of data leakage.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized file copy operations via the SiYuan API endpoint `/api/file/globalCopyFiles` that access sensitive files outside the workspace boundary, such as `/proc/1/environ` or files under `/run/secrets/`.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves an admin user exploiting the API to copy sensitive files, detection can involve inspecting API request logs for POST requests to `/api/file/globalCopyFiles` with suspicious source file paths.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect exploitation attempts include:'}, {'type': 'list_item', 'content': 'Use network monitoring tools (e.g., tcpdump, Wireshark) to filter HTTP POST requests to `/api/file/globalCopyFiles`.'}, {'type': 'list_item', 'content': 'Search SiYuan server logs for POST requests containing file paths like `/proc/1/environ` or paths under `/run/secrets/`.'}, {'type': 'list_item', 'content': "On the host system, run commands to find recently copied or created files in the workspace directory that match sensitive filenames, for example: `find /path/to/workspace -type f -name '*environ*' -o -name '*credentials*' -o -name 'id_*' -exec ls -l {} +`."}] [2]

Mitigation Strategies

The immediate mitigation step is to upgrade SiYuan to version 3.6.1 or later, where the vulnerability has been fixed by improving the sensitive path checks and enforcing workspace boundary restrictions.

Until the upgrade is applied, restrict admin access to the SiYuan API to trusted users only, as exploitation requires admin privileges.

Additionally, monitor and audit file copy operations via the `/api/file/globalCopyFiles` endpoint and manually delete any unauthorized sensitive files copied into the workspace.

In containerized environments, consider limiting the SiYuan process permissions and avoid mounting sensitive host directories into the workspace volume.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32747. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart