Platform
go
Component
github.com/siyuan-note/siyuan/kernel
Fixed in
3.5.6
0.0.1
CVE-2026-25539 describes a Remote Code Execution (RCE) vulnerability discovered in the SiYuan Kernel, specifically within the /api/file/copyFile endpoint. This flaw allows an attacker to perform arbitrary file writes, potentially leading to complete system compromise. The vulnerability impacts versions of SiYuan Kernel prior to 3.5.5. A fix is available in version 3.5.5.
The impact of CVE-2026-25539 is severe. Successful exploitation allows an attacker to write arbitrary files to the SiYuan server's filesystem. This can be leveraged to overwrite critical system files, inject malicious code, or gain persistent access to the system. An attacker could potentially execute arbitrary commands with the privileges of the SiYuan process, leading to full system compromise and data exfiltration. The ability to write arbitrary files bypasses typical security controls and represents a significant escalation of privileges.
CVE-2026-25539 was publicly disclosed on 2026-02-02. As of this writing, there are no publicly available proof-of-concept exploits. The EPSS score is likely to be medium due to the ease of exploitation once a public PoC is available and the critical severity. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Exploit Status
EPSS: 0.23% (46% percentile)
The primary mitigation for CVE-2026-25539 is to immediately upgrade SiYuan Kernel to version 3.5.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the /api/file/copyFile endpoint using a web application firewall (WAF) or proxy server. Configure the WAF to block requests with suspicious file paths or extensions. Monitor system logs for unusual file write activity, particularly in sensitive directories. After upgrading, verify the fix by attempting to trigger the file write vulnerability and confirming that the request is rejected.
Update SiYuan to version 3.5.5 or later. This version fixes the arbitrary file write vulnerability. The update can be performed through the software's administration interface or by downloading the latest version from the official website.
CVE-2026-25539 is a critical Remote Code Execution vulnerability in SiYuan Kernel, allowing attackers to write arbitrary files via the /api/file/copyFile endpoint, potentially leading to system compromise.
You are affected if you are using SiYuan Kernel versions prior to 3.5.5. Immediately check your version and upgrade if necessary.
Upgrade SiYuan Kernel to version 3.5.5 or later. As a temporary workaround, restrict access to the /api/file/copyFile endpoint using a WAF or proxy.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official SiYuan project website and GitHub repository for the latest security advisories and updates regarding CVE-2026-25539.