Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.
Published: 2026-03-19
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach: unauthorized reading of system and container secrets
Action: Patch Immediately
AI Analysis

Impact

The globalCopyFiles API in SiYuan versions 3.6.0 and earlier was designed to copy files into the workspace, but it resolved paths using filepath.Abs() without enforcing a workspace boundary. The API relied on util.IsSensitivePath() to filter out dangerous paths, but the blocklist omitted critical system paths such as /proc/, /run/secrets/, and dotfiles in the home directory. Attackers with administrative privileges within the application could copy sensitive system files, Docker secret files, or process environment variables into the workspace. These files could then be accessed through the normal file API, allowing the exfiltration of any data readable by the SiYuan process without requiring external network connections.
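The root cause described above is a deny-list used where a containment check was needed: filepath.Abs() only canonicalises a path, it says nothing about where that path lies. The Go program below is an added illustration and is not SiYuan's code; blocklistOnlyAllows is a constructed stand-in for a prefix blocklist (not util.IsSensitivePath), and resolveInWorkspace shows the allowlist-style boundary check a copy API needs: resolve symlinks on both the workspace and the requested source, then require the source to be relative to the workspace without escaping through "..". RunScenario builds a throwaway workspace with a file inside, a file outside and a symlink inside pointing outside, so the behaviour can be observed without touching real system paths.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Constructed stand-in for a blocklist-style check. It is NOT SiYuan's
// util.IsSensitivePath; it only shows why a deny list cannot confine reads:
// anything not enumerated (e.g. /proc/1/environ, /run/secrets/*) is allowed.
var sensitivePrefixes = []string{"/etc/shadow", "/etc/passwd", "/root/.ssh"}

func blocklistOnlyAllows(src string) bool {
	abs, err := filepath.Abs(src) // canonicalises, does not confine
	if err != nil {
		return false
	}
	for _, p := range sensitivePrefixes {
		if strings.HasPrefix(abs, p) {
			return false
		}
	}
	return true
}

var ErrOutsideWorkspace = errors.New("path resolves outside the workspace")

// resolveInWorkspace returns the real absolute path of src only if it lies
// inside workspace after symlink resolution; every other case is an error.
func resolveInWorkspace(workspace, src string) (string, error) {
	wsAbs, err := filepath.Abs(workspace)
	if err != nil {
		return "", err
	}
	wsReal, err := filepath.EvalSymlinks(wsAbs)
	if err != nil {
		return "", err
	}
	// Relative inputs are joined onto the workspace, never onto the CWD.
	srcAbs := src
	if !filepath.IsAbs(src) {
		srcAbs = filepath.Join(wsReal, src)
	}
	// Resolve symlinks so a link placed inside the workspace cannot reach out.
	srcReal, err := filepath.EvalSymlinks(filepath.Clean(srcAbs))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(wsReal, srcReal)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWorkspace
	}
	return srcReal, nil
}

// Scenario records the outcome of the three constructed cases plus the
// blocklist's verdict on a /proc path it was never told about.
type Scenario struct {
	InsideAllowed            bool
	OutsideRejected          bool
	SymlinkRejected          bool
	BlocklistLetsProcThrough bool
}

func RunScenario() (Scenario, error) {
	ws, err := os.MkdirTemp("", "ws-")
	if err != nil {
		return Scenario{}, err
	}
	defer os.RemoveAll(ws)
	outsideDir, err := os.MkdirTemp("", "outside-")
	if err != nil {
		return Scenario{}, err
	}
	defer os.RemoveAll(outsideDir)

	inside := filepath.Join(ws, "note.md")
	outside := filepath.Join(outsideDir, "secret.txt") // constructed, stands in for a mounted secret
	if err := os.WriteFile(inside, []byte("inside"), 0o600); err != nil {
		return Scenario{}, err
	}
	if err := os.WriteFile(outside, []byte("constructed secret"), 0o600); err != nil {
		return Scenario{}, err
	}
	if err := os.Symlink(outside, filepath.Join(ws, "link")); err != nil {
		return Scenario{}, err
	}

	_, errIn := resolveInWorkspace(ws, inside)
	_, errOut := resolveInWorkspace(ws, outside)
	_, errLink := resolveInWorkspace(ws, "link")
	return Scenario{
		InsideAllowed:            errIn == nil,
		OutsideRejected:          errors.Is(errOut, ErrOutsideWorkspace),
		SymlinkRejected:          errors.Is(errLink, ErrOutsideWorkspace),
		BlocklistLetsProcThrough: blocklistOnlyAllows("/proc/1/environ"),
	}, nil
}

func main() {
	s, err := RunScenario()
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", s)
}
```

The boundary check deliberately errors on non-existent paths too (EvalSymlinks fails), which is the safe default for a copy operation; a deny list that silently passes anything unknown is the opposite default, which is exactly the gap the advisory describes.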

Affected Systems

The vulnerability affects the SiYuan note-taking application (product Siyuan by Siyuan Note) in all releases prior to version 3.6.1. Users running SiYuan 3.6.0 or older are at risk, especially in containerized environments where Docker secrets and environment variables are injected into the process.

Risk and Exploitability

With a CVSS score of 6.8, the vulnerability poses a moderate to high threat, particularly in environments that expose the globalCopyFiles endpoint to privileged users. The EPSS score indicates that exploitation is relatively unlikely at this time, and the issue is not listed in the CISA KEV catalog. Attackers would need administrative access to Siyuan to invoke the vulnerable API. Once the vulnerable functionality is used, the attacker can read arbitrary files that the application can access, potentially extracting critical secrets used by the container.

Generated by OpenCVE AI on March 23, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SiYuan to version 3.6.1 or later to eliminate the path bypass in the globalCopyFiles API.

Advisories
Source: GitHub GHSA
ID: GHSA-h5vh-m7fg-w5h6
Title: SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
History

Mon, 23 Mar 2026 18:30:00 +0000

First Time appeared (values added): B3log, B3log siyuan
CPEs (values added): cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*
Vendors & Products (values added): B3log, B3log siyuan

Fri, 20 Mar 2026 18:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 09:00:00 +0000

First Time appeared (values added): Siyuan, Siyuan siyuan
Vendors & Products (values added): Siyuan, Siyuan siyuan

Thu, 19 Mar 2026 21:15:00 +0000

Description (values added): SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.
Title (values added): SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets
Weaknesses (values added): CWE-184, CWE-22
References (values added): none listed on the page
Metrics (values added): cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T17:08:31.863Z

Reserved: 2026-03-13T18:53:03.531Z

Link: CVE-2026-32747

Vulnrichment

Updated: 2026-03-20T17:08:20.895Z

NVD

Status : Analyzed

Published: 2026-03-19T21:17:10.737

Modified: 2026-03-23T18:23:38.777

Link: CVE-2026-32747

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:54:53Z

Weaknesses