Platform
go
Component
github.com/siyuan-note/siyuan/kernel
Fixed in
3.5.6
0.0.1
CVE-2026-25539 describes a Remote Code Execution (RCE) vulnerability discovered in the SiYuan Kernel, specifically within the /api/file/copyFile endpoint. This flaw allows an attacker to perform arbitrary file writes, potentially leading to complete system compromise. The vulnerability impacts versions of SiYuan Kernel prior to 3.5.5. A fix is available in version 3.5.5.
The impact of CVE-2026-25539 is severe. Successful exploitation allows an attacker to write arbitrary files to the server's file system. This can be leveraged to overwrite critical system files, inject malicious code (e.g., webshells), or gain persistent access to the system. Depending on the SiYuan application's permissions and deployment environment, this could lead to complete control over the server and any data stored within it. The arbitrary file write capability bypasses typical security controls, making it a particularly dangerous vulnerability. The ability to inject code opens the door to data exfiltration, denial-of-service attacks, and further lateral movement within the network.
CVE-2026-25539 was publicly disclosed on 2026-02-02. The vulnerability's ease of exploitation, combined with the potential for significant impact, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations and individuals using SiYuan Kernel in production environments, particularly those with publicly accessible instances or those lacking robust input validation and access controls, are at significant risk. Shared hosting environments where multiple users share the same SiYuan instance are also particularly vulnerable.
• linux / server:
journalctl -u siyuan -g "/api/file/copyFile"
• generic web:
curl -I 'http://<siyuan_server>/api/file/copyFile?path=../../../../etc/passwd' # Check for directory traversal
Exploit status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-25539 is to immediately upgrade SiYuan Kernel to version 3.5.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/file/copyFile endpoint using a Web Application Firewall (WAF) or proxy server. Implement strict input validation on the destination file path to prevent attackers from specifying arbitrary locations. Monitor system logs for suspicious file write activity, particularly within sensitive directories. Consider implementing file integrity monitoring (FIM) to detect unauthorized modifications to critical files. After upgrading, verify the fix by attempting to trigger the /api/file/copyFile endpoint with a malicious payload and confirming that the write operation is blocked.
Update SiYuan to version 3.5.5 or later. This version fixes the arbitrary file write vulnerability. The update can be performed through the software's administration interface, or the latest version can be downloaded from the official website.
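The destination-path validation recommended above, sketched as an added Go example; it is not SiYuan's code and not the project's actual fix. `ResolveDest`, `ErrUnsafeDest` and the single allowed root directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrUnsafeDest = errors.New("destination rejected: outside allowed root")

func within(root, p string) bool { // true if p is root itself or lies below it
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveDest maps a client-supplied relative path onto root (hypothetical
// names) and fails closed: any error means the write must not happen.
func ResolveDest(root, dest string) (string, error) {
	if dest == "" || filepath.IsAbs(dest) || strings.ContainsRune(dest, 0) {
		return "", ErrUnsafeDest
	}
	rootReal, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(rootReal, dest) // Join also collapses "../" sequences
	// The file may not exist yet, so resolve symlinks in its parent directory.
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	if err != nil {
		return "", err
	}
	target = filepath.Join(parent, filepath.Base(target))
	if !within(rootReal, target) {
		return "", ErrUnsafeDest // "../" traversal or a directory symlink leaving root
	}
	// Refuse to write through an existing symlink at the final path component.
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return "", ErrUnsafeDest
	}
	return target, nil
}

func main() {
	for _, d := range []string{"a.md", "../../etc/cron.d/x"} { // constructed inputs
		fmt.Println(ResolveDest(os.TempDir(), d))
	}
}
```

The check and the later write are separate steps, so the allowed root should not be writable by untrusted local users who could swap in a symlink between them.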
CVE-2026-25539 is a critical Remote Code Execution vulnerability in SiYuan Kernel, allowing attackers to write arbitrary files via the /api/file/copyFile endpoint, potentially leading to system compromise.
You are affected if you are using SiYuan Kernel versions prior to 3.5.5. Immediately check your version and upgrade if necessary.
Upgrade SiYuan Kernel to version 3.5.5 or later. As a temporary workaround, restrict access to the /api/file/copyFile endpoint using a WAF or proxy.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official SiYuan project website and GitHub repository for the latest security advisories and updates regarding CVE-2026-25539.