SiYuan 存在文件复制功能中的任意文件读取漏洞 (Arbitrary File Read) 在 github.com/siyuan-note/siyuan/kernel

攻击者可以利用此漏洞读取服务器上的任何文件，包括配置文件、源代码、数据库备份等。这可能导致敏感信息泄露，例如用户名、密码、API 密钥、商业机密等。如果服务器上存储了用户数据，攻击者还可以通过此漏洞访问用户数据。该漏洞的潜在影响范围取决于服务器上存储的数据类型和敏感程度。由于攻击者可以读取任意文件，因此可能导致进一步的攻击，例如横向移动到其他系统或执行恶意代码。

Organizations and individuals using SiYuan for note-taking, particularly those storing sensitive information within the application, are at risk. Users running older, unpatched versions of SiYuan are especially vulnerable. Shared hosting environments where multiple users share the same SiYuan instance are also at increased risk.

• linux / server: Monitor SiYuan process logs for unusual file access attempts. Use auditd to track file access events and create rules to alert on unauthorized reads.

auditctl -w /path/to/siyuan/data -p wa -k siyuan_file_access

• go: Examine the SiYuan source code for the file copy function and related areas for potential vulnerabilities. Use static analysis tools to identify potential security flaws. • generic web: Monitor web server access logs for requests containing unusual file paths or attempts to access sensitive files via the SiYuan application.

1. 2026-02-03Disclosure

   disclosure

1. 已保留2026-01-16
2. 发布日期2026-02-03
3. 修改日期2026-03-03
4. EPSS 更新日期2026-03-23

最有效的缓解措施是升级到修复版本 0.0.0-20260118092521-f8f4b517077b。如果无法立即升级，可以考虑以下临时缓解措施：限制文件复制功能的访问权限，只允许授权用户访问特定文件。实施严格的文件访问控制策略，确保只有授权用户才能访问敏感文件。监控文件系统活动，检测未经授权的文件访问尝试。在升级后，确认漏洞已修复，可以通过尝试访问受影响的文件来验证。