CVE-2026-32110

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0

Description SiYuan is a personal knowledge management system. The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This could allow attackers to perform internal network reconnaissance, potentially steal cloud credentials, exfiltrate data, or bypass firewalls. The vulnerable code resides in /kernel/api/network.go (Lines 153-317) within the forwardProxy function, which only validates the URL format and not the destination. The url parameter within the JSON payload sent to the /api/network/forwardProxy endpoint is user-controlled.

Recommendations Update SiYuan to version 3.6.0 or later.