CNNVD-202601-2994 Information
CNNVD ID
CNNVD-202601-2994
Related CVE
-
CNNVD Published: 2026-01-19
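Description (translated from Chinese)
SiYuan is a privacy-first personal knowledge management system open-sourced by SiYuan. Versions of SiYuan before 3.5.4 contain a path traversal vulnerability. It stems from a logic flaw in the /api/file/globalCopyFiles endpoint, which lacks proper path validation, and may allow an authenticated user to copy files from any location on the server file system into the application workspace.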
Description (English)
SiYuan is an open-source, privacy-first personal knowledge management system. Versions of SiYuan before 3.5.4 have a path traversal vulnerability, caused by a logic flaw in the /api/file/globalCopyFiles endpoint and the lack of proper path validation, which could allow an authenticated user to copy a file from anywhere on the server file system into the application workspace.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
SiYuan
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/siyuan-note/siyuan/commit/f8f4b517077b92c90c0d7b51ac11be1b34b273ad
https://github.com/siyuan-note/siyuan/issues/16860
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-94c7-g2fj-7682
https://github.com/siyuan-note/siyuan/commit/b2274baba2e11c8cf8901b0c5c871e5b27f1f6dd
https://access.redhat.com/security/cve/cve-2026-23851
Patch
https://github.com/siyuan-note/siyuan/releases