Lack of data validation - Path Traversal In github.com/siyuan-note/siyuan/kernel

Description

SiYuan has a directory traversal vulnerability within its publishing service.

Details

The /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook.

PoC

#!/usr/bin/env python3
"""POC: SiYuan /api/file/readDir 未鉴权目录遍历"""
import requests, json, sys

def poc(target):
    base = target.rstrip("/")
    url = f"{base}/api/file/readDir"
...

Impact

Directory traversal vulnerability: The entire directory structure of a notebook could be obtained, and then a file reading vulnerability could be exploited to achieve arbitrary document reading.

[Image: resource folder]

[Image: plugin folder]

[Image: conf folder]

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
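
One way to harden a readDir-style handler against the issue described under Details and Impact, shown as an added example; it is not code from SiYuan or from this advisory. The role names, the `AuthorizeReadDir` function, the sample workspace root and the admin-only policy are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Hypothetical roles; not SiYuan's own types.
type Role int

const (
	RoleAnonymous Role = iota // no session at all
	RoleReader                // read-only visitor of published content
	RoleAdmin                 // workspace owner
)

var (
	ErrForbidden   = errors.New("readDir requires an administrator session")
	ErrOutsideRoot = errors.New("path escapes workspace root")
)

// AuthorizeReadDir decides whether a directory listing may be served and
// returns the cleaned absolute path to list. Symlinks are not resolved here.
func AuthorizeReadDir(root, reqPath string, role Role) (string, error) {
	// Assumption: directory listing is an administrative function, so
	// anonymous and read-only callers are refused before any path handling.
	if role != RoleAdmin {
		return "", ErrForbidden
	}
	// Join cleans "." and ".." segments; a leading "/" stays relative to root.
	full := filepath.Join(root, reqPath)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	root := "/srv/workspace" // constructed sample root
	// Constructed sample requests.
	for _, c := range []struct {
		path string
		role Role
	}{{"/data/assets", RoleAnonymous}, {"/conf", RoleReader}, {"/data/assets", RoleAdmin}, {"/data/../../etc", RoleAdmin}, {"../workspace-old", RoleAdmin}} {
		p, err := AuthorizeReadDir(root, c.path, c.role)
		fmt.Printf("role=%d path=%q -> %q err=%v\n", c.role, c.path, p, err)
	}
}
```

The `filepath.Rel` comparison, rather than a string prefix test on the joined path, is what rejects a sibling directory such as `/srv/workspace-old` that shares the root's prefix.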

FLAT-52B5Y – Vulnerability | Fluid Attacks Database