SiYuan 存在任意文件读取 / SSRF 漏洞，位于 github.com/siyuan-note/siyuan/kernel

该SSRF漏洞的潜在影响非常严重。攻击者可以利用该漏洞读取服务器上的任意文件，包括配置文件、数据库凭证、以及其他敏感数据。此外，攻击者还可以利用该漏洞扫描内部网络，发现其他潜在的漏洞，并进行横向移动。如果SiYuan与外部服务集成，攻击者可能通过该漏洞访问外部资源，甚至可能导致数据泄露或服务中断。由于SiYuan被广泛应用于知识管理和笔记记录，该漏洞可能影响大量用户的数据安全。

Organizations and individuals using SiYuan for note-taking and knowledge management are at risk, particularly those running self-hosted instances or deployments where the SiYuan Kernel is exposed to external networks. Shared hosting environments where multiple users share the same SiYuan instance are also at increased risk.

• go / server: Examine application logs for unusual outbound HTTP requests, particularly those originating from internal IP addresses or using unusual protocols. Use netstat or ss to monitor connections and identify suspicious activity.

ss -t tcp -4 -n | grep <internal_ip_address>

• generic web: Monitor access logs for requests to internal resources or unusual file paths. Check response headers for signs of SSRF exploitation.

grep "/internal/path" /var/log/apache2/access.log

1. 2026-02-03Disclosure

   disclosure

1. 已保留2026-01-16
2. 发布日期2026-02-03
3. 修改日期2026-03-03
4. EPSS 更新日期2026-03-23

为了缓解CVE-2026-23850的影响，首要措施是立即升级到0.0.0-20260118092326-b2274baba2e1版本。如果无法立即升级，可以考虑以下临时缓解措施：限制SiYuan的网络访问权限，只允许其访问必要的外部资源；实施严格的输入验证和过滤，防止攻击者构造恶意的请求；使用Web应用防火墙（WAF）来检测和阻止SSRF攻击。升级后，请确认新版本已正确安装并配置，并测试其功能是否正常。