CVE-2026-32815: Authentication Bypass in SiYuan Kernel
Platform
go
Component
github.com/siyuan-note/siyuan/kernel
Fixed in
3.6.2
0.0.1
CVE-2026-32815 describes an Authentication Bypass vulnerability discovered in the SiYuan Kernel, a core component of the SiYuan note-taking application. This flaw allows attackers to hijack WebSocket connections, resulting in the unauthorized disclosure of sensitive document metadata. The vulnerability impacts versions of the kernel up to and including 0.0.0-20260313024916-fd6526133bb3, and a fix is available in version 3.6.1.
Impact and Attack Scenarios
The core impact of CVE-2026-32815 lies in the potential for unauthenticated information disclosure. An attacker can exploit this bypass by crafting a malicious request that leverages the /ws WebSocket endpoint with specific URL parameters (?app=siyuan&id=auth&type=auth). Successful exploitation allows the attacker to establish a WebSocket connection and receive all server push events in real time. This includes sensitive document titles, notebook names, file paths, and details of all create, read, update, and delete (CRUD) operations. This information could be used for reconnaissance, data exfiltration, or to understand the structure and content of a user's notes, potentially leading to further attacks. The lack of authentication makes this vulnerability particularly concerning as it requires minimal effort to exploit.
Exploitation Context
CVE-2026-32815 was publicly disclosed on March 16, 2026. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential for information disclosure, it is considered a moderate risk, and proactive patching is recommended.
Threat Intelligence
EPSS: 0.04% (13th percentile)
Mitigation and Workarounds
The primary mitigation for CVE-2026-32815 is to upgrade to SiYuan Kernel version 3.6.1 or later, which contains the fix for this authentication bypass. If immediate upgrading is not feasible, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the bypass, restricting access to the /ws endpoint based on origin (allowing only SiYuan's own domain) can provide some protection. Carefully review and restrict the allowed origins for WebSocket connections. Monitor WebSocket traffic for unusual activity or connections from unexpected sources. After upgrading, confirm the fix by attempting to connect to the /ws endpoint without proper authentication and verifying that the connection is rejected.
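The monitoring step above, as an added example (not code from SiYuan or from this advisory): a Go log filter that flags completed WebSocket upgrades on /ws carrying the parameters named in this advisory when the client lies outside an allow-list of source networks. The log layout, the trusted networks and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
)

// sampleLog: constructed access-log lines (client IP, request line, status).
var sampleLog = []string{
	`127.0.0.1 - - "GET /ws?app=siyuan&id=auth&type=auth HTTP/1.1" 101`,
	`203.0.113.7 - - "GET /ws?type=auth&id=auth&app=siyuan HTTP/1.1" 101`,
	`203.0.113.7 - - "GET /ws?app=siyuan&id=auth&type=auth HTTP/1.1" 403`,
	`198.51.100.9 - - "GET /ws?app=siyuan&id=a1b2&type=main HTTP/1.1" 101`,
}

// trusted: networks expected to open /ws (assumption, adjust per deployment).
var trusted = []string{"127.0.0.0/8", "::1/128"}

// logRe captures the client IP and the query string of completed (101) upgrades on /ws.
var logRe = regexp.MustCompile(`^(\S+) .*?"GET /ws\?(\S*) [^"]*" 101\b`)

func isTrusted(ip net.IP) bool {
	for _, cidr := range trusted {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// Suspicious flags a /ws upgrade with the advisory's parameters from an untrusted source.
func Suspicious(line string) bool {
	m := logRe.FindStringSubmatch(line)
	if m == nil {
		return false
	}
	q, err := url.ParseQuery(m[2])
	ip := net.ParseIP(m[1])
	hit := err == nil && q.Get("app") == "siyuan" && q.Get("id") == "auth" && q.Get("type") == "auth"
	return hit && (ip == nil || !isTrusted(ip))
}

func main() {
	for _, l := range sampleLog {
		fmt.Println(Suspicious(l), l)
	}
}
```

Parameters are compared after query parsing, so their order in the URL does not matter; a client address that cannot be parsed is treated as untrusted.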
How to fix
Update SiYuan to version 3.6.1 or higher. This version fixes the authentication bypass vulnerability in the WebSocket endpoint, preventing unauthorized access to system information.
Frequently asked questions
What is CVE-2026-32815 — Authentication Bypass in SiYuan Kernel?
CVE-2026-32815 is a vulnerability in the SiYuan Kernel that allows attackers to bypass authentication and hijack WebSocket connections, leading to information disclosure.
Am I affected by CVE-2026-32815 in SiYuan Kernel?
You are affected if you are using SiYuan Kernel versions prior to 3.6.1 (≤0.0.0-20260313024916-fd6526133bb3).
How do I fix CVE-2026-32815 in SiYuan Kernel?
Upgrade to SiYuan Kernel version 3.6.1 or later to remediate the vulnerability. Consider origin restrictions as a temporary workaround.
Is CVE-2026-32815 being actively exploited?
There is currently no evidence of active exploitation in the wild, but proactive patching is recommended.
Where can I find the official SiYuan advisory for CVE-2026-32815?
Refer to the SiYuan project's official security advisories and release notes for details: [https://github.com/siyuan-note/siyuan/releases](https://github.com/siyuan-note/siyuan/releases)