PT-2026-26177 · Siyuan · Siyuan

Author: Tcotc · Published: 2026-03-17 · Updated: 2026-03-27 · CVE-2026-32938

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below

Description: SiYuan, a personal knowledge management system, has an issue where the /api/lute/html2BlockDOM endpoint on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. This, combined with the GET /assets/*path endpoint, which only requires authentication, allows a visitor to the publish service to cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to the exfiltration of sensitive files. The POST /api/lute/html2BlockDOM endpoint is protected only by model.CheckAuth, and the publish read-only role is not restricted. The GET /assets/*path endpoint does not have publish-scope or admin checks. The attack chain involves calling html2BlockDOM to copy a sensitive file into the data/assets/ directory, extracting the data-href attribute from the returned DOM, and then requesting GET /assets/* to retrieve the file content.

Recommendations: Update SiYuan to version 3.6.1 or later.

Links: Exploit · Fix

Weakness Enumeration:
- Information Disclosure
- Path traversal
- Improper Access Control

Related Identifiers:
- CVE-2026-32938
- GHSA-FQ2J-J8HC-8VW8
- GO-2026-4722
- SUSE-SU-2026:1135-1

Affected Products: Siyuan