CVE-2026-32747 in SiYuan
Summary
by MITRE • 03/20/2026
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API. An admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables, a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted. This issue has been fixed in version 3.6.1.
Analysis
by VulDB Data Team • 03/24/2026
The vulnerability identified as CVE-2026-32747 affects SiYuan, a personal knowledge management system, specifically in versions 3.6.0 and earlier. This flaw resides in the globalCopyFiles API implementation, which fails to properly validate file paths during copy operations. The system employs the filepath.Abs() function to resolve absolute paths but lacks proper workspace boundary enforcement, creating a critical security gap that allows unauthorized access to sensitive system resources. The vulnerability stems from an incomplete security model that relies solely on util.IsSensitivePath() for path validation, which maintains a blocklist that deliberately excludes critical system directories including /proc/, /run/secrets/, and home directory dotfiles. This oversight creates a significant attack surface that can be exploited by administrative users with elevated privileges. The technical implementation demonstrates a failure in proper input sanitization and access control mechanisms, where the system assumes that administrative users can be trusted to perform legitimate operations without additional path validation checks.
The operational impact of this vulnerability extends beyond simple data access to encompass complete system compromise in containerized environments. An administrator with access to the SiYuan system can exploit this vulnerability to copy sensitive files from critical system locations such as /proc/1/environ which contains process environment variables, or Docker secrets located in /run/secrets/ directory. These files are then accessible through the standard file API and persist in the workspace until manually deleted, creating a long-term exfiltration channel. The vulnerability is particularly dangerous in containerized deployments where secrets and environment variables are commonly injected into containers for credential management, making the entire container security model potentially compromised. This issue represents a classic case of insufficient path validation that can be exploited to bypass intended security boundaries, with the potential for data leakage, credential theft, and system compromise.
The security implications of this vulnerability align with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and can be mapped to ATT&CK technique T1074 (Data Staged) and T1565 (Data Manipulation) within the MITRE ATT&CK framework. The incomplete blocklist approach represents a flawed security-by-observation model that fails to account for all possible sensitive paths, particularly those commonly used in containerized environments. This vulnerability demonstrates the critical importance of defense in depth principles and proper input validation, as the system should have implemented a whitelist-based approach rather than relying on a potentially incomplete blacklist. The persistence of copied files in the workspace until manual deletion creates a continuous threat vector that can be exploited over time, making it particularly concerning for environments where SiYuan is deployed with elevated privileges. Organizations using SiYuan in production environments should immediately implement the patch available in version 3.6.1, which addresses the path validation issue by implementing proper workspace boundary checks and removing the reliance on the incomplete sensitive path detection mechanism.
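The summary and the analysis above both describe the same defect: a copy source validated only by a prefix blocklist, with no check that the resolved path lies inside the workspace. The following Go example, added here and not taken from SiYuan's code base, contrasts a hypothetical blocklist check (isSensitivePath, with constructed prefixes) with a boundary check that anchors the resolved path to a workspace root (resolveInsideWorkspace); all function names and the workspace path are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideWorkspace is returned when a source path resolves outside the workspace root.
var ErrOutsideWorkspace = errors.New("source path is outside the workspace")

// sensitivePrefixes is a constructed blocklist standing in for the kind of check the
// advisory describes: it only knows the prefixes someone wrote down, so /proc/ and
// /run/secrets/ pass simply because nobody listed them.
var sensitivePrefixes = []string{"/etc/", "/root/"}

// isSensitivePath is the weak model: allow everything except known-bad prefixes.
func isSensitivePath(p string) bool {
	abs, err := filepath.Abs(p)
	if err != nil {
		return true
	}
	for _, prefix := range sensitivePrefixes {
		if strings.HasPrefix(abs, prefix) {
			return true
		}
	}
	return false
}

// resolveInsideWorkspace is the hardened model: resolve both paths, then require the
// source to be the workspace root itself or a descendant of it. filepath.Rel yields a
// ".." component for anything outside, including sibling dirs that merely share a
// prefix (e.g. /ws-old next to /ws). Symlinks inside the workspace are not followed
// here; a production check should also apply filepath.EvalSymlinks before comparing.
func resolveInsideWorkspace(workspaceRoot, src string) (string, error) {
	root, err := filepath.Abs(workspaceRoot)
	if err != nil {
		return "", err
	}
	abs, err := filepath.Abs(src)
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, abs)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWorkspace
	}
	return abs, nil
}

func main() {
	for _, src := range []string{"/srv/siyuan/workspace/data/note.md", "/proc/1/environ", "/run/secrets/db"} {
		_, err := resolveInsideWorkspace("/srv/siyuan/workspace", src)
		fmt.Printf("%-38s blocklist=%-5v boundary=%v\n", src, isSensitivePath(src), err)
	}
}
```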