Platform
go
Component
github.com/siyuan-note/siyuan/kernel
Fixed in
3.6.2
0.0.1
CVE-2026-32815 describes an Authentication Bypass vulnerability discovered in the SiYuan Kernel, a core component of the SiYuan note-taking application. This flaw allows attackers to hijack WebSocket connections, resulting in the unauthorized disclosure of sensitive document metadata. The vulnerability impacts versions of the kernel up to and including 0.0.0-20260313024916-fd6526133bb3, and a fix is available in version 3.6.1.
The core impact of CVE-2026-32815 lies in the potential for unauthenticated information disclosure. An attacker can exploit this bypass by crafting a malicious request that leverages the /ws WebSocket endpoint with specific URL parameters (?app=siyuan&id=auth&type=auth). Successful exploitation allows the attacker to establish a WebSocket connection and receive all server push events in real-time. This includes sensitive document titles, notebook names, file paths, and details of all create, read, update, and delete (CRUD) operations. This information could be used for reconnaissance, data exfiltration, or to understand the structure and content of a user's notes, potentially leading to further attacks. The lack of authentication makes this vulnerability particularly concerning as it requires minimal effort to exploit.
CVE-2026-32815 was publicly disclosed on March 16, 2026. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential for information disclosure, it is considered a moderate risk, and proactive patching is recommended.
Organizations and individuals using SiYuan for note-taking, particularly those who rely on the application to store sensitive information, are at risk. Deployment environments with exposed SiYuan instances, or those with weak network segmentation, are especially vulnerable. Users who have not applied security updates are also at increased risk.
• linux / server:
journalctl -u siyuan -f | grep "WebSocket connection established without authentication"
• generic web:
curl -v "https://<siyuan_server>/ws?app=siyuan&id=auth&type=auth" 2>&1 | grep -i "connection established"
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
The primary mitigation for CVE-2026-32815 is to upgrade to SiYuan Kernel version 3.6.1 or later, which contains the fix for this authentication bypass. If immediate upgrading is not feasible, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the bypass, restricting access to the /ws endpoint based on origin (allowing only SiYuan's own domain) can provide some protection. Carefully review and restrict the allowed origins for WebSocket connections. Monitor WebSocket traffic for unusual activity or connections from unexpected sources. After upgrading, confirm the fix by attempting to connect to the /ws endpoint without proper authentication and verifying that the connection is rejected.
Upgrade SiYuan to version 3.6.1 or later. This version fixes the authentication bypass vulnerability in the WebSocket endpoint, preventing unauthorized access to system information.
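One way to apply the temporary origin restriction on /ws described above is a small reverse proxy placed in front of the kernel; this is an added example, not code from the SiYuan project. The allowed origin, the listen port, the upstream address and the names `allowedOrigins`, `wsOriginAllowed` and `guard` are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path"
)

// Assumption: the only origin the SiYuan web UI is served from (placeholder value).
var allowedOrigins = map[string]bool{"https://notes.example.internal": true}

// wsOriginAllowed reports whether r may be forwarded. Requests for /ws need an
// exact match on the Origin allow-list; a missing Origin header is treated as
// not allowed. The path is cleaned first so "/ws/" or "//ws" cannot slip past.
func wsOriginAllowed(r *http.Request) bool {
	if path.Clean("/"+r.URL.Path) != "/ws" {
		return true
	}
	return allowedOrigins[r.Header.Get("Origin")]
}

// guard rejects disallowed /ws requests with 403 and logs them for monitoring.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !wsOriginAllowed(r) {
			log.Printf("blocked /ws: remote=%s origin=%q query=%q",
				r.RemoteAddr, r.Header.Get("Origin"), r.URL.RawQuery)
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Assumption: the kernel listens only on loopback at this address.
	upstream, err := url.Parse("http://127.0.0.1:6806")
	if err != nil {
		log.Fatal(err)
	}
	// ReverseProxy forwards WebSocket upgrades for requests that pass the guard.
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	log.Fatal(http.ListenAndServe(":8080", guard(proxy)))
}
```

The Origin header is only reliable for browser-initiated connections, so keep the kernel reachable solely through the proxy and treat this as a stopgap until the upgrade is applied.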
CVE-2026-32815 is a vulnerability in the SiYuan Kernel that allows attackers to bypass authentication and hijack WebSocket connections, leading to information disclosure.
You are affected if you are using SiYuan Kernel versions prior to 3.6.1 (≤0.0.0-20260313024916-fd6526133bb3).
Upgrade to SiYuan Kernel version 3.6.1 or later to remediate the vulnerability. Consider origin restrictions as a temporary workaround.
There is currently no evidence of active exploitation in the wild, but proactive patching is recommended.
Refer to the SiYuan project's official security advisories and release notes for details: [https://github.com/siyuan-note/siyuan/releases](https://github.com/siyuan-note/siyuan/releases)