Home

Description

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/util/path.go` uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including `/opt` (application data), `/usr` (local configs/binaries), `/home` (other users), `/mnt` and `/media` (mounted volumes). The `globalCopyFiles` and `importStdMd` endpoints rely on `IsSensitivePath` as their primary defense against reading files outside the workspace. Version 3.6.2 contains an updated fix.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-20 | Updated 2026-03-25 | Assigner GitHub_M




MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

< 3.6.2
affected

References

github.com/...siyuan/security/advisories/GHSA-vm69-h85x-8p85

cve.org (CVE-2026-33194)

nvd.nist.gov (CVE-2026-33194)

Download JSON