CNNVD-202602-543 Information

CNNVD ID

CNNVD-202602-543

CVE-2026-25539

  • CNNVD Published: 2026-02-04

Description

SiYuan is an open-source, privacy-first personal knowledge management system. Versions of SiYuan before 3.5.5 contain a path traversal vulnerability: the /api/file/copyFile endpoint does not validate the dest parameter, which can allow files to be written to arbitrary locations and lead to remote code execution.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

SiYuan

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd720feb

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9

Patch

https://b3log.org/siyuan/download.html
