CRITICAL · CVE-2026-32938 · CVSS 9.9

SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service


Platform

go

Component

github.com/siyuan-note/siyuan/kernel

Fixed versions

3.6.2

0.0.1

AI Confidence: high · NVD · EPSS 0.2% · Reviewed: May 2026

CVE-2026-32938 is an arbitrary file access vulnerability in the SiYuan kernel. An attacker who can submit HTML to the kernel can make it copy sensitive local files into the workspace and then download them. The vulnerability affects SiYuan kernel builds up to and including Go pseudo-version 0.0.0-20260313024916-fd6526133bb3 (commit fd6526133bb3, built 2026-03-13). A fix is available in version 3.6.1.


Impact and attack scenarios

The vulnerability lies in the /api/lute/html2BlockDOM endpoint, which converts pasted HTML into SiYuan's block DOM. An attacker crafts HTML whose links or image sources are file:// URLs pointing at sensitive local files (for example /etc/passwd, SSH keys, or configuration files). When the kernel processes the paste, it copies each referenced file into the workspace assets directory without validating that the source path is one the user intended to share. The copied file is then served by the /assets/*path endpoint, so a single authenticated GET request retrieves it. The result is exfiltration of any file readable by the account that runs the SiYuan kernel: configuration files, credentials, or other confidential data on that host. Because the endpoint requires only a valid session (PR:L in the CVSS vector), authentication is the sole barrier; there is no path validation behind it.
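The following is an added example, not SiYuan's own code or its actual fix. It shows what the missing check looks like in Go: file:// links pulled out of a pasted fragment are only honoured when the percent-decoded, cleaned path resolves inside the workspace; absolute paths elsewhere, ".." and %2e%2e traversal, and file:// URLs naming a remote host are dropped. The attribute regexp, the workspace layout, and the "inside the workspace only" policy are assumptions made for this example.

```go
package main

// Added example, not SiYuan's code: illustrative hardened handling of
// file:// links in pasted HTML. The regexp, workspace layout and policy
// (only files already inside the workspace may be copied into assets)
// are assumptions made for this example.

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"regexp"
	"strings"
)

var (
	ErrNotFileURL       = errors.New("not a file:// URL")
	ErrRemoteHost       = errors.New("file:// URL names a remote host")
	ErrOutsideWorkspace = errors.New("file:// link resolves outside the workspace")
)

// attrRe pulls href/src attribute values out of an HTML fragment. It is a
// deliberately small stand-in for a real HTML parser.
var attrRe = regexp.MustCompile(`(?i)\b(?:href|src)\s*=\s*["']([^"']+)["']`)

// ExtractFileLinks returns every href/src value that uses the file scheme.
func ExtractFileLinks(html string) []string {
	var links []string
	for _, m := range attrRe.FindAllStringSubmatch(html, -1) {
		if strings.HasPrefix(strings.ToLower(m[1]), "file:") {
			links = append(links, m[1])
		}
	}
	return links
}

// SafeLocalPath converts a file:// URL into a filesystem path, but only if the
// cleaned, percent-decoded path lies inside workspace. Everything else,
// including "..", %2e%2e and remote hosts, is rejected.
func SafeLocalPath(rawURL, workspace string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if !strings.EqualFold(u.Scheme, "file") {
		return "", ErrNotFileURL
	}
	if u.Host != "" && !strings.EqualFold(u.Host, "localhost") {
		return "", ErrRemoteHost
	}
	// u.Path is already percent-decoded; Clean collapses any "..".
	p := filepath.Clean(filepath.FromSlash(u.Path))
	root := filepath.Clean(workspace)
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWorkspace
	}
	return p, nil
}

// TriageHTML splits the file:// links in a pasted fragment into those that may
// be copied into assets and those that must be dropped.
func TriageHTML(html, workspace string) (allowed, rejected []string) {
	for _, link := range ExtractFileLinks(html) {
		if _, err := SafeLocalPath(link, workspace); err != nil {
			rejected = append(rejected, link)
			continue
		}
		allowed = append(allowed, link)
	}
	return allowed, rejected
}

func main() {
	// Constructed sample: the kind of paste an attacker would craft, mixed
	// with one legitimate in-workspace image.
	const pasted = `<p>notes</p>
<img src="file:///home/alice/workspace/assets/diagram.png">
<a href="file:///etc/passwd">x</a>
<a href="file:///home/alice/workspace/%2e%2e/.ssh/id_rsa">y</a>
<a href="file://fileserver/share/secret.txt">z</a>`
	allowed, rejected := TriageHTML(pasted, "/home/alice/workspace")
	fmt.Println("allowed:", allowed)
	fmt.Println("rejected:", rejected)
}
```

The check compares cleaned paths, so a sibling directory that merely shares a prefix (/home/alice/workspace2) is rejected too. It does not follow symlinks; a real implementation should also resolve the candidate with filepath.EvalSymlinks before the containment test, since a link inside the workspace can still point at /etc.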

Exploitation context

This vulnerability was publicly disclosed on 2026-03-17. The severity is rated CRITICAL (CVSS 9.9). No public proof-of-concept exploit had been released at the time of writing, but the attack is simple enough that one should be expected. It is not listed on CISA KEV. Because the trigger is pasted HTML, content that a user copies from an attacker-controlled page or shared document is a plausible delivery route, in addition to an attacker who already holds a session submitting the HTML directly.

Who is at risk

Any user whose SiYuan kernel can be reached by someone holding a valid session or access code. The CVSS vector is PR:L/UI:N: the attacker pastes the crafted HTML themselves, and the victim does not have to do anything. Shared or self-hosted deployments where the access code is shared or weak, or where the kernel API is exposed to untrusted networks, are the main concern; a desktop install bound to localhost and used by one person is exposed mainly through content that person pastes from untrusted sources.

Detection steps

• linux / server:

journalctl -u siyuan -g "html2BlockDOM"   # paste conversions recorded by the kernel service; review any you cannot attribute to a known user

• generic web:

# The endpoint is a POST JSON API. A HEAD request with file:// in the query string exercises
# nothing and proves nothing. Only check whether the endpoint is reachable from an untrusted
# network, since an exposed kernel is the precondition for exploitation.
curl -s -o /dev/null -w '%{http_code}\n' -X POST 'http://<siyuan_server>/api/lute/html2BlockDOM'

• generic web:

# Reverse-proxy access logs do not contain POST bodies, so 'file://' only shows up if it was in
# a request line or referrer. Look instead for the request sequence: html2BlockDOM followed by
# downloads from /assets/ by the same client.
grep -E 'POST /api/lute/html2BlockDOM|GET /assets/' /var/log/nginx/access.log
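An added example of the correlation the grep above only hints at, written in Go to match the rest of this page; it is not the page's or SiYuan's code. It parses combined-format access log lines (the sample lines are constructed, not real traffic), remembers the last html2BlockDOM call per client, and raises a "high" alert when the same client then fetches an asset whose name looks like a copied system or credential file within a short window, or a "low" alert when such a name is fetched with no preceding paste. The log format, the five-minute window, the asset naming and the list of sensitive name fragments are assumptions to tune for your deployment.

```go
package main

// Added example, not SiYuan's or the page's code: a small log correlator for
// the sequence "POST /api/lute/html2BlockDOM, then GET /assets/<copied file>".
// Log format, window, asset naming and the sensitive-name list are assumptions.

import (
	"fmt"
	"path"
	"regexp"
	"strings"
	"time"
)

// lineRe matches the fields of a combined-style access log line that matter here.
var lineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) `)

const timeLayout = "02/Jan/2006:15:04:05 -0700"

type Event struct {
	Client string
	When   time.Time
	Method string
	Path   string
	Status string
}

// ParseLine parses one access-log line; ok is false for lines that do not match.
func ParseLine(line string) (Event, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	when, err := time.Parse(timeLayout, m[2])
	if err != nil {
		return Event{}, false
	}
	return Event{Client: m[1], When: when, Method: m[3], Path: m[4], Status: m[5]}, true
}

// sensitiveFragments is a heuristic list (an assumption): basename fragments
// that suggest a copied system or credential file rather than a pasted image.
var sensitiveFragments = []string{"passwd", "shadow", "id_rsa", "id_ed25519", ".env", ".pem", "credentials", "conf.json"}

func looksSensitive(assetPath string) bool {
	base := strings.ToLower(path.Base(assetPath))
	for _, f := range sensitiveFragments {
		if strings.Contains(base, f) {
			return true
		}
	}
	return false
}

type Alert struct {
	Client   string
	Asset    string
	Severity string // "high": paste followed by fetch; "low": sensitive name only
}

// Correlate flags successful GET /assets/<name> requests whose name looks
// sensitive: "high" when the same client called html2BlockDOM within window
// beforehand, "low" otherwise.
func Correlate(lines []string, window time.Duration) []Alert {
	var alerts []Alert
	lastPaste := map[string]time.Time{}
	for _, line := range lines {
		ev, ok := ParseLine(line)
		if !ok {
			continue
		}
		switch {
		case ev.Method == "POST" && ev.Path == "/api/lute/html2BlockDOM":
			lastPaste[ev.Client] = ev.When
		case ev.Method == "GET" && strings.HasPrefix(ev.Path, "/assets/") && ev.Status == "200":
			if !looksSensitive(ev.Path) {
				continue
			}
			sev := "low"
			if t, seen := lastPaste[ev.Client]; seen && ev.When.Sub(t) >= 0 && ev.When.Sub(t) <= window {
				sev = "high"
			}
			alerts = append(alerts, Alert{Client: ev.Client, Asset: ev.Path, Severity: sev})
		}
	}
	return alerts
}

// SampleLog is a constructed access log for this example, not real traffic.
const SampleLog = `
203.0.113.7 - - [17/Mar/2026:10:00:01 +0000] "POST /api/lute/html2BlockDOM HTTP/1.1" 200 512
203.0.113.7 - - [17/Mar/2026:10:00:03 +0000] "GET /assets/passwd-20260317100001-abcd123.txt HTTP/1.1" 200 2048
203.0.113.7 - - [17/Mar/2026:10:00:04 +0000] "GET /assets/id_rsa-20260317100001-ef567.key HTTP/1.1" 200 3243
198.51.100.4 - - [17/Mar/2026:10:05:00 +0000] "POST /api/lute/html2BlockDOM HTTP/1.1" 200 900
198.51.100.4 - - [17/Mar/2026:10:05:02 +0000] "GET /assets/diagram-20260317100500-z9y8x.png HTTP/1.1" 200 81920
198.51.100.9 - - [17/Mar/2026:11:00:00 +0000] "GET /assets/passwd-old.txt HTTP/1.1" 200 2048
`

// SampleLines returns SampleLog split into individual lines.
func SampleLines() []string {
	return strings.Split(strings.TrimSpace(SampleLog), "\n")
}

func main() {
	for _, a := range Correlate(SampleLines(), 5*time.Minute) {
		fmt.Printf("%-4s %s fetched %s\n", a.Severity, a.Client, a.Asset)
	}
}
```

The name heuristic is the weak link: an attacker who renames the file before pasting, or a kernel that assigns opaque asset names, defeats it. Pair it with inotify/auditd on the assets directory (creation of files with non-media extensions right after a paste) rather than relying on it alone.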

Attack timeline

  1. Disclosure

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: no
Internet exposure: not stated
Reports: 1 threat report

EPSS

0.22% (45th percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical impact: total

CVSS vector

Threat intelligence · CVSS 3.1 (nextguardhq.com, CVSS v3.1 base score): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H, 9.9 CRITICAL

What these metrics mean:

Attack Vector: Network (how the attacker reaches the target). Exploitable remotely over the internet; no physical or local access required. Largest attack surface.
Attack Complexity: Low (conditions needed to exploit). No special conditions; exploitation is reliable.
Privileges Required: Low (authentication level the attack needs). Any valid user account will do.
User Interaction: None (whether the victim must act). The attack is automatic and silent; the victim does nothing.
Scope: Changed (impact beyond the affected component). The attack can reach past the vulnerable component and affect other systems.
Confidentiality: High (risk of sensitive data disclosure). Complete loss of confidentiality; the attacker can read all data.
Integrity: Low (risk of unauthorized data modification). The attacker can modify some data; limited impact.
Availability: High (risk of service disruption). Complete crash or resource exhaustion; total denial of service.

Affected software

Component: github.com/siyuan-note/siyuan/kernel
Vendor / source: osv

Affected range → fixed version:
  < 3.6.1 → 3.6.2
  0.0.0-20260313024916-fd6526133bb3 → 0.0.1

Weakness classification (CWE)

(none listed on this page)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and workarounds

The primary mitigation is to upgrade to SiYuan 3.6.1 or later, which adds the missing path validation. If upgrading immediately is not feasible:

• Reduce who can reach the kernel API. The attacker needs a valid session (PR:L), so the useful interim controls are keeping the kernel bound to localhost or behind a reverse proxy reachable only by trusted users, and keeping any access code or token that grants a session secret. Merely requiring authentication on /assets/*path does not help: that endpoint already requires it, and the attacker already has it.

• A WAF rule that blocks file:// in requests to /api/lute/html2BlockDOM narrows the window but is easy to evade. The HTML travels inside a JSON body, so the rule must inspect bodies, and the scheme can be obfuscated (for example with JSON \u escapes or HTML entities) in ways a naive substring match will miss while the kernel still decodes them.

• Monitor kernel logs and reverse-proxy access logs for html2BlockDOM calls followed by downloads from /assets/, and watch for new files in the workspace assets directory whose names or extensions do not look like pasted images or documents.

No Sigma or YARA rules are available at this time.

Remediation

Upgrade SiYuan to version 3.6.1 or later. That release fixes the arbitrary file read. Update by downloading the latest release from the official website or by using the application's built-in update mechanism. Note that the version data on this page is not consistent: the summary and FAQ name 3.6.1 as the fixed release, while the OSV-derived range under Affected software lists 3.6.2; upgrading to the latest release satisfies both.


FAQ

What is CVE-2026-32938 — Arbitrary File Access in SiYuan Kernel?

CVE-2026-32938 is a CRITICAL vulnerability in SiYuan's kernel allowing attackers to copy and exfiltrate sensitive files through HTML pasting, affecting versions up to 0.0.0-20260313024916-fd6526133bb3.

Am I affected by CVE-2026-32938 in SiYuan Kernel?

You are affected if you are using SiYuan kernel versions prior to 3.6.1. Check your version and upgrade immediately to mitigate the risk.

How do I fix CVE-2026-32938 in SiYuan Kernel?

Upgrade to SiYuan version 3.6.1 or later. As a temporary workaround, limit who can reach the kernel API (bind it to localhost or place it behind a proxy reachable only by trusted users). Restricting /assets/*path to authenticated users on its own does not help, because the attacker already holds a session.

Is CVE-2026-32938 being actively exploited?

While no public exploits are currently available, the vulnerability's ease of exploitation suggests it may become a target for attackers.

Where can I find the official SiYuan advisory for CVE-2026-32938?

Refer to the official SiYuan security advisories on GitHub for details and updates: https://github.com/siyuan-note/siyuan/security/advisories (the specific GHSA identifier for this CVE is not recorded on this page).
