Platform
go
Component
github.com/siyuan-note/siyuan/kernel
Fixed in
3.6.1
3.6.0
CVE-2026-32110 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the SiYuan Kernel component of the SiYuan note-taking application. This vulnerability allows attackers to potentially access internal resources and sensitive data by manipulating the /api/network/forwardProxy endpoint. The vulnerability impacts versions of SiYuan Kernel before v3.6.0. A fix is available in version 3.6.0.
The SSRF vulnerability in SiYuan Kernel allows an attacker to craft malicious requests through the /api/network/forwardProxy endpoint. This can lead to unauthorized access to internal services and resources that are not directly exposed to the internet. An attacker could potentially read sensitive data stored within the SiYuan application or even interact with other internal systems. The full-read nature of the SSRF means the attacker isn't limited to specific protocols or ports, significantly expanding the potential attack surface. While no immediate data exfiltration is guaranteed, successful exploitation could provide valuable reconnaissance information for further attacks.
CVE-2026-32110 was publicly disclosed on 2026-03-12. The vulnerability is present in the github.com/siyuan-note/siyuan/kernel Go module. There is no indication of active exploitation or KEV listing as of this writing. Public proof-of-concept code is currently unavailable, but the SSRF nature of the vulnerability makes it likely that such code will emerge.
Organizations using SiYuan for note-taking, particularly those with internal services or resources that are not directly exposed to the internet, are at risk. Environments with legacy SiYuan installations or those that have not implemented robust network segmentation are especially vulnerable.
• linux / server: Monitor SiYuan application logs for unusual outbound network connections originating from the /api/network/forwardProxy endpoint. Use journalctl -u siyuan to filter for relevant log entries.

    journalctl -u siyuan | grep '/api/network/forwardProxy'

• generic web: Use curl to test the /api/network/forwardProxy endpoint with various internal and external URLs to identify potential SSRF behavior.

    curl -v 'http://localhost:10000/api/network/forwardProxy?url=http://169.254.169.254/latest/meta-data/'
Exploit Status
EPSS
0.04% (14th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-32110 is to upgrade SiYuan Kernel to version 3.6.0 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting outbound network access from the SiYuan server using a firewall or proxy. Carefully review and restrict the allowed domains or IP addresses that the /api/network/forwardProxy endpoint can access. Implementing a Web Application Firewall (WAF) with SSRF protection rules can also help to block malicious requests. Monitor application logs for suspicious outbound requests originating from the /api/network/forwardProxy endpoint.
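One way to implement the allowlist and internal-address restriction described above, written in Go because the affected kernel is a Go module. This is an added example, not code from SiYuan or from its 3.6.0 fix; the function names, the allowlist and the injected resolver are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver maps a hostname to its addresses. It is injected so the check runs offline
// in tests; callers should dial the IP this check returns rather than resolving again.
type Resolver func(host string) ([]net.IP, error)

// CGNAT (RFC 6598) is not covered by net.IP.IsPrivate, so it is added explicitly.
var cgnat = func() *net.IPNet { _, n, _ := net.ParseCIDR("100.64.0.0/10"); return n }()

// isInternal: loopback, RFC 1918, link-local (incl. 169.254.169.254), 0.0.0.0, CGNAT.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified() || cgnat.Contains(ip)
}

// CheckProxyTarget validates a user-supplied proxy URL before the server fetches it:
// http/https only, host on the allowlist, every resolved address public. On success
// it returns the address the caller should connect to.
func CheckProxyTarget(raw string, allowHosts []string, resolve Resolver) (net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	allowed := false
	for _, h := range allowHosts {
		allowed = allowed || host == strings.ToLower(h)
	}
	if !allowed {
		return nil, fmt.Errorf("host %q not on allowlist", host)
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips { // a single internal record is enough to refuse the request
		if isInternal(ip) {
			return nil, fmt.Errorf("%s resolves to internal address %s", host, ip)
		}
	}
	return ips[0], nil
}
```

In production, pass net.LookupIP as the resolver and connect to the returned IP with the Host header set to the original hostname, so a second lookup cannot rebind to an internal address.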
Upgrade SiYuan to version 3.6.0 or later. This version fixes the SSRF vulnerability in the /api/network/forwardProxy endpoint. The update will prevent authenticated users from making arbitrary HTTP requests from the server.
CVE-2026-32110 is a Server-Side Request Forgery (SSRF) vulnerability in the SiYuan Kernel component, allowing attackers to potentially access internal resources via the /api/network/forwardProxy endpoint.
You are affected if you are using SiYuan Kernel versions prior to 3.6.0. Assess your environment to determine if you are running a vulnerable version.
Upgrade SiYuan Kernel to version 3.6.0 or later. As a temporary workaround, restrict outbound network access from the SiYuan server.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the SiYuan project's official security advisories and release notes for details on CVE-2026-32110 and the corresponding fix.