PT-2026-25852 · Siyuan · Siyuan
Fg0X0 · Published 2026-03-16 · Updated 2026-03-27 · CVE-2026-32747
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below
Description: SiYuan, a personal knowledge management system, has an issue in the globalCopyFiles API. This API reads source files using filepath.Abs() without proper workspace boundary checks. It relies on the util.IsSensitivePath() function, which has an incomplete blocklist, omitting paths like /proc/, /run/secrets/, and home directory dotfiles. This allows an administrator to copy sensitive files, such as /proc/1/environ or Docker secrets, into the workspace and subsequently read them through the standard file API. The issue enables an administrator to exfiltrate any file readable by the SiYuan process that is not blocked by the incomplete blocklist. In containerized deployments, this includes injected secrets and environment variables commonly used for passing credentials. The exfiltrated files persist in the workspace until manually deleted. The vulnerable function is globalCopyFiles located in kernel/api/file.go. The API endpoint used is /api/file/globalCopyFiles. The vulnerable parameters are srcs and destDir.
Recommendations: Update SiYuan to version 3.6.1 or later.
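As an added illustration (not SiYuan's own code and not its 3.6.1 fix), the check below replaces a sensitive-path blocklist with a workspace containment check: a path is accepted only if its absolute, symlink-resolved form lies under the workspace root, so /proc/1/environ, /run/secrets/* and dotfiles outside the workspace are all refused without anyone having to enumerate them. The function names, the workspace path and the sample input are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideWorkspace = errors.New("path resolves outside workspace")

// resolveInsideWorkspace (hypothetical name) accepts userPath only if its symlink-resolved absolute
// form lies beneath workspaceRoot; there is no blocklist, anything not under the root is refused.
func resolveInsideWorkspace(workspaceRoot, userPath string) (string, error) {
	root, err := realPath(workspaceRoot)
	if err != nil {
		return "", err
	}
	target, err := realPath(userPath)
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWorkspace
	}
	return target, nil
}

// realPath makes p absolute and resolves symlinks in its longest existing ancestor (the tail may not exist yet).
func realPath(p string) (string, error) {
	abs, err := filepath.Abs(p)
	if err != nil {
		return "", err
	}
	for cur, tail := abs, ""; ; cur = filepath.Dir(cur) {
		if real, err := filepath.EvalSymlinks(cur); err == nil {
			return filepath.Join(real, tail), nil
		} else if !os.IsNotExist(err) || filepath.Dir(cur) == cur {
			return "", err
		}
		tail = filepath.Join(filepath.Base(cur), tail)
	}
}

func main() {
	// Constructed sample: the workspace path is an assumption, the source is the one named in the advisory.
	_, err := resolveInsideWorkspace("/srv/siyuan/workspace", "/proc/1/environ")
	fmt.Println(err) // prints: path resolves outside workspace
}
```

Apply the same check to every entry in srcs and to destDir, and perform the copy on the returned resolved path rather than on the caller's string.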

Weakness Enumeration: Incomplete List of Disallowed Inputs; Path traversal

Related Identifiers: CVE-2026-32747, GHSA-H5VH-M7FG-W5H6, GO-2026-4705, SUSE-SU-2026:1135-1

Affected Products: Siyuan