Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them searchable and accessible to all workspace users. Data persists in the workspace database across restarts and is accessible to Publish Service Reader accounts. Combined with the renderSprig SQL injection (separate advisory), a non-admin user can then read all imported secrets without any additional privileges. This issue has been fixed in version 3.6.1.
Published: 2026-03-19
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data exposure to all users
Action: Immediate Patch
AI Analysis

Impact

SiYuan Personal Knowledge Management System allowed any authenticated user to submit a local file path that was imported without validation. The import process recursively read every file under the given path and stored the content as persistent note documents in the workspace database, making them searchable and available to all workspace users. When combined with a separate SQL injection vulnerability, a non‑admin user could read the imported secrets without additional privileges. This leads to unauthorized information disclosure and potential privilege escalation. The vulnerability was mitigated in version 3.6.1.

Affected Systems

The affected product is SiYuan, a personal knowledge management tool from the vendor siyuan-note. Versions 3.6.0 and earlier are vulnerable; the issue was fixed in version 3.6.1. All installations using the affected releases should be considered compromised until updated.

Risk and Exploitability

The CVSS score of 6.8 indicates a medium severity, and the EPSS score of less than 1% suggests low current exploit activity. The vulnerability is not listed in CISA’s KEV catalog. Attackers can trigger the flaw by sending a POST request to the /api/import/importStdMd endpoint with an arbitrary local path; no additional privileges are required beyond normal authenticated API access. The risk is amplified when combined with the separate renderSprig SQL injection advisory. If only the import functionality is exploited without the injection, the threat reduces to information disclosure; with the injection, it extends to full data exfiltration and potential privilege escalation.
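As an added illustration of the missing control (this is not SiYuan's code and not from the advisory), a hypothetical ValidateImportPath confines a caller-supplied localPath to a server-side import root before anything like model.ImportFromLocalPath runs, and GuardedImport shows the handler shape that applies it; the root directory, function names and sample paths are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested import path escapes the allowed root.
var ErrOutsideRoot = errors.New("import path escapes the allowed import root")

// ValidateImportPath (hypothetical) confines a caller-supplied localPath to allowedRoot
// (a server-side absolute directory) and returns the cleaned absolute path. Symlinks are
// not resolved so this runs on constructed paths; production code should also apply
// filepath.EvalSymlinks to both sides before comparing.
func ValidateImportPath(allowedRoot, localPath string) (string, error) {
	if strings.TrimSpace(localPath) == "" {
		return "", errors.New("empty import path")
	}
	root := filepath.Clean(allowedRoot)
	target := localPath
	if !filepath.IsAbs(target) {
		target = filepath.Join(root, target) // relative input resolves against the root, not the CWD
	}
	abs, err := filepath.Abs(target) // Abs also collapses "..", "." and repeated separators
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, abs)
	if err != nil {
		return "", err
	}
	// Confined means the root itself (".") or a descendant; a leading ".." climbed out,
	// which also catches sibling directories such as root+"2".
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return abs, nil
}

// GuardedImport (hypothetical) is the handler shape: validate first, then pass only the
// confined path to the importer (stand-in for model.ImportFromLocalPath).
func GuardedImport(allowedRoot, localPath string, importFn func(string) error) error {
	safe, err := ValidateImportPath(allowedRoot, localPath)
	if err != nil {
		return fmt.Errorf("importStdMd rejected %q: %w", localPath, err)
	}
	return importFn(safe)
}
```

The path check is only one half of the fix the recommended actions imply; the endpoint should additionally be limited to administrative callers.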

Generated by OpenCVE AI on March 23, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update SiYuan to version 3.6.1 or later.
  • Restrict the /api/import/importStdMd API to administrative users only until the patch is applied.
  • Verify that no sensitive files were imported as notes in the workspace database.

Advisories

Source: GitHub GHSA
ID: GHSA-rjhh-m223-9qqv
Title: SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

History

Wed, 25 Mar 2026 16:15:00 +0000
  Metrics (values added): ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 18:15:00 +0000
  First Time appeared (values added): B3log; B3log siyuan
  CPEs (values added): cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*
  Vendors & Products (values added): B3log; B3log siyuan

Fri, 20 Mar 2026 09:00:00 +0000
  First Time appeared (values added): Siyuan; Siyuan siyuan
  Vendors & Products (values added): Siyuan; Siyuan siyuan

Thu, 19 Mar 2026 21:30:00 +0000
  Description (values added): SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them searchable and accessible to all workspace users. Data persists in the workspace database across restarts and is accessible to Publish Service Reader accounts. Combined with the renderSprig SQL injection (separate advisory), a non-admin user can then read all imported secrets without any additional privileges. This issue has been fixed in version 3.6.1.
  Title (values added): SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
  Weaknesses (values added): CWE-22; CWE-552
  References (values added):
  Metrics (values added): cvssV3_1
    {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T14:55:08.789Z

Reserved: 2026-03-13T18:53:03.531Z

Link: CVE-2026-32750

Vulnrichment

Updated: 2026-03-25T14:54:45.119Z

NVD

Status: Analyzed

Published: 2026-03-19T22:16:41.303

Modified: 2026-03-23T18:09:19.310

Link: CVE-2026-32750

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:54:45Z

Weaknesses