CNNVD-202602-1472 Information

CNNVD ID

CNNVD-202602-1472

Related CVE

CVE-2026-25992

• CNNVD Published: 2026-02-10

Description (Chinese)

SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 3.5.5之前版本存在路径遍历漏洞，该漏洞源于/api/file/getFile端点使用区分大小写的字符串相等检查，在大小写不敏感的文件系统上可能被绕过，导致读取受保护的配置文件。

Description (English)

SiYuan is an open-source, private, personal knowledge management system. The previous version of SiYuan 3.5.5 had a loophole in the path, which originated from/api/file/getFile endpoint using a case-sensitive equivalent check, which could be bypassed on an insensitive file system, leading to the reading of protected profiles.

Vulnerability Type

路径遍历

Affected Vendor

SiYuan

Published

2026-02-10

Last Modified

2026-02-24

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639 https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5 https://access.redhat.com/security/cve/cve-2026-25992

Patch

https://b3log.org/siyuan/