CVE-2026-32938 in SiYuan
Summary
by MITRE • 03/20/2026
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM endpoint on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/*path, which only requires authentication, a publish-service visitor can cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to exfiltration of sensitive files. This issue has been fixed in version 3.6.1.
Analysis
by VulDB Data Team • 03/25/2026
The vulnerability identified as CVE-2026-32938 affects SiYuan, a personal knowledge management system, in versions 3.6.0 and earlier. It is a path traversal and information disclosure flaw caused by missing path validation in the application's file handling. The desktop kernel's API endpoint /api/lute/html2BlockDOM converts pasted HTML into block DOM and, when that HTML contains file:// links, copies the referenced local files into the workspace assets directory without checking the source paths against a sensitive-path list. Any file the kernel process can read can therefore be copied into a directory that is served over HTTP, which turns a paste-handling feature into the first half of an exfiltration chain.
Exploitation chains two endpoints. First, the attacker submits HTML containing a file:// link to /api/lute/html2BlockDOM; the desktop kernel processes it and copies the referenced file into the workspace assets directory, with no check that the source path is acceptable. Second, GET /assets/*path serves files from that directory and requires only authentication, which a publish-service visitor already has. The attacker therefore needs nothing beyond publish-service visitor access: one request stages the target file as an asset and a second request downloads it. Because the copy is performed by the kernel process, the attacker reads with the kernel's filesystem permissions rather than their own, which is what bypasses the normal access boundary between a visitor and the host filesystem.
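The stage-then-fetch pattern described above is easy to hunt for in access logs: a client that POSTs to /api/lute/html2BlockDOM and shortly afterwards GETs something under /assets/. The following is an added example written for this page, not code from SiYuan; the log line format it parses (RFC3339 time, client IP, method, path, status) and the sample lines are constructed, and only the two endpoint paths are taken from the advisory text.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// Assumed access-log shape (constructed for this example, not SiYuan's real format):
//   <RFC3339 time> <client ip> <method> <path> <status>
type entry struct {
	at     time.Time
	client string
	method string
	path   string
}

// Alert describes a GET /assets/... issued by a client within the window after
// that same client POSTed to the staging endpoint.
type Alert struct {
	Client    string
	AssetPath string
	Gap       time.Duration
	Loopback  bool // true for 127.0.0.1/::1, i.e. the desktop's own editor UI
}

const stageEndpoint = "/api/lute/html2BlockDOM"

func parseLine(line string) (entry, bool) {
	f := strings.Fields(line)
	if len(f) < 5 {
		return entry{}, false
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return entry{}, false
	}
	return entry{at: at, client: f[1], method: f[2], path: f[3]}, true
}

// FindStagingChains walks the log in order, remembers each client's most recent
// html2BlockDOM POST, and reports every asset GET that follows it within window.
func FindStagingChains(lines []string, window time.Duration) []Alert {
	lastStage := map[string]time.Time{}
	var alerts []Alert
	for _, line := range lines {
		e, ok := parseLine(line)
		if !ok {
			continue
		}
		switch {
		case e.method == "POST" && e.path == stageEndpoint:
			lastStage[e.client] = e.at
		case e.method == "GET" && strings.HasPrefix(e.path, "/assets/"):
			staged, seen := lastStage[e.client]
			gap := e.at.Sub(staged)
			if !seen || gap < 0 || gap > window {
				continue
			}
			ip := net.ParseIP(e.client)
			alerts = append(alerts, Alert{
				Client:    e.client,
				AssetPath: e.path,
				Gap:       gap,
				Loopback:  ip != nil && ip.IsLoopback(),
			})
		}
	}
	return alerts
}

// SampleLog is constructed for this example; asset names are invented.
var SampleLog = []string{
	"2026-03-21T10:00:01Z 127.0.0.1 POST /api/lute/html2BlockDOM 200",
	"2026-03-21T10:00:03Z 127.0.0.1 GET /assets/diagram.png 200",
	"2026-03-21T10:05:10Z 203.0.113.5 POST /api/lute/html2BlockDOM 200",
	"2026-03-21T10:05:11Z 203.0.113.5 GET /assets/pasted-file.txt 200",
	"2026-03-21T10:20:00Z 198.51.100.9 GET /assets/logo.png 200",
	"2026-03-21T10:40:00Z 203.0.113.5 GET /assets/late.txt 200",
}

func main() {
	for _, a := range FindStagingChains(SampleLog, 2*time.Minute) {
		fmt.Printf("client=%s asset=%s gap=%s loopback=%v\n", a.Client, a.AssetPath, a.Gap, a.Loopback)
	}
}
```

The loopback pair is what a normal paste in the local editor looks like, so the Loopback flag exists to let the analyst tune it out; the pair from a non-loopback client that is only supposed to be a publish-service visitor is the one worth pulling the asset name and source IP for.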
The operational impact goes beyond disclosure of a single file. A publish-service visitor can retrieve any file the kernel process can read, including configuration files, the user's notes and other data, logs, and credentials kept in local files, and those credentials can in turn enable attacks on other systems. The flaw undermines the application's security model because the publish service is meant to expose selected notes, not the host filesystem. Note that the MITRE description frames the attacker as the party driving the kernel, so no victim action such as pasting attacker-supplied HTML is required; the two requests are enough. The chain is short and needs no elevated privileges, which makes it dangerous wherever the publish service is reachable by people who should only ever see published content.
The weakness maps to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), both of which also fall under the Software Fault Pattern clusters. On the ATT&CK side it corresponds to T1074 Data Staged, since the attacker parks the file in the workspace assets directory before retrieving it. Version 3.6.1 fixes the issue by validating file:// sources against a sensitive-path list before copying. A denylist of that kind is only as good as its coverage, so an implementation that instead allowlists the directories from which assets may be imported, and resolves symlinks before the check, is the more robust design. Organizations should upgrade to 3.6.1 or later; until then, restrict who can reach the publish service (at the network level or by disabling it) and review which visitors hold credentials for it. The case is a reminder that any feature which turns a URL in user-supplied content into a filesystem read must treat that URL as untrusted input.
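To make the allowlist recommendation concrete, here is an added example of how a file:// link lifted from pasted HTML can be vetted before anything is copied. This is illustrative code written for this page, not SiYuan's implementation or its fix: the href/src extractor, the function names, the /tmp/import root in main and the sample HTML are all assumptions. The check canonicalises the URL path, resolves symlinks, requires a regular file, and then accepts the target only if it sits inside one of the allowed roots; no sensitive-path denylist is consulted.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Reasons a file:// source is refused. Every one of them means "do not copy".
var (
	ErrNotFileScheme = errors.New("link is not a file:// URL")
	ErrRemoteHost    = errors.New("file:// URL names a remote host")
	ErrNotAbsolute   = errors.New("file path is not absolute")
	ErrNotRegular    = errors.New("target is not a regular file")
	ErrOutsideRoots  = errors.New("resolved path is outside every allowed root")
)

// attrRef finds href/src values in pasted HTML (a deliberately simple matcher, assumed here).
var attrRef = regexp.MustCompile(`(?i)\b(?:href|src)\s*=\s*["']([^"']+)["']`)

// ExtractLinks returns every href/src value in the HTML, in document order.
func ExtractLinks(html string) []string {
	var out []string
	for _, m := range attrRef.FindAllStringSubmatch(html, -1) {
		out = append(out, m[1])
	}
	return out
}

// ResolveFileLink turns a file:// link from untrusted HTML into a path that may be
// copied, or returns an error. Acceptance is by allowlist: after URL decoding,
// cleaning and symlink resolution the target must be a regular file inside one of
// allowedRoots.
func ResolveFileLink(rawURL string, allowedRoots []string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "file" {
		return "", ErrNotFileScheme
	}
	if u.Host != "" && u.Host != "localhost" {
		return "", ErrRemoteHost
	}
	// u.Path is already percent-decoded, so %2e%2e/ has become ../ by now; Clean folds it.
	p := filepath.Clean(filepath.FromSlash(u.Path))
	if !filepath.IsAbs(p) {
		return "", ErrNotAbsolute
	}
	// Check the final target, not the name: a symlink inside an allowed root can point anywhere.
	target, err := filepath.EvalSymlinks(p)
	if err != nil {
		return "", err // a missing file is also a refusal
	}
	if info, err := os.Stat(target); err != nil || !info.Mode().IsRegular() {
		return "", ErrNotRegular
	}
	for _, root := range allowedRoots {
		rootReal, err := filepath.EvalSymlinks(root)
		if err != nil {
			continue
		}
		rel, err := filepath.Rel(rootReal, target)
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			continue
		}
		return target, nil
	}
	return "", ErrOutsideRoots
}

// VetPastedHTML applies the check to every file:// link in pasted HTML and
// partitions the results so the caller copies only the accepted targets.
func VetPastedHTML(html string, allowedRoots []string) (accepted []string, rejected map[string]error) {
	rejected = map[string]error{}
	for _, link := range ExtractLinks(html) {
		if !strings.HasPrefix(strings.ToLower(link), "file:") {
			continue // http(s) and relative links are not local reads; not this check's concern
		}
		target, err := ResolveFileLink(link, allowedRoots)
		if err != nil {
			rejected[link] = err
			continue
		}
		accepted = append(accepted, target)
	}
	return accepted, rejected
}

func main() {
	// Constructed pasted HTML: one link into the assumed import root, one into /etc,
	// and one that tries to traverse out of the root.
	html := `<p><img src="file:///tmp/import/pic.png"> <a href="file:///etc/passwd">x</a>
	<a href="file:///tmp/import/../../etc/shadow">y</a></p>`
	ok, bad := VetPastedHTML(html, []string{"/tmp/import"})
	fmt.Println("accepted:", ok)
	for l, err := range bad {
		fmt.Printf("rejected %s: %v\n", l, err)
	}
}
```

The order of operations matters: cleaning before the root check defeats dot-segment traversal, resolving symlinks before it defeats a planted link inside the allowed root, and comparing with filepath.Rel rather than a string prefix avoids accepting /tmp/import-evil when the root is /tmp/import.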