VDB

CVE-2026-32747

CVE-2026-32747 PUBLISHED CVSS 6.800000190734863 MEDIUM

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.

EPSS 0.10% · 26.4th percentile

Risk Scores

CVSS 3.1
6.800000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.10%
26.4th percentile

Affected Products

VendorProductVersions
b3logsiyuan0, 0, 0
siyuan-notesiyuan< 3.6.1, < 3.6.1, < 3.6.1
github.comsiyuan-note/siyuan/kernel0, 0, 0

Exploit Intelligence

Timeline

  • Mar 14, 2026 PoC Published
  • Mar 16, 2026 CVE Published
  • Mar 17, 2026 Security Advisory
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score
  • Mar 22, 2026 EPSS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
  • Mar 30, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›