CVE-2026-32110 Overview
CVE-2026-32110 is a Server-Side Request Forgery (SSRF) vulnerability in SiYuan, an open-source personal knowledge management system developed by B3log. The flaw resides in the /api/network/forwardProxy endpoint, which accepts a user-controlled URL and issues an HTTP request from the server on behalf of the authenticated caller. The endpoint returns the full response body and headers without validating the destination URL. Authenticated users can pivot through the SiYuan server to reach internal networks, localhost services, and cloud metadata endpoints. The issue is tracked under [CWE-918] and is fixed in SiYuan 3.6.0.
Critical Impact
Authenticated attackers can use the SiYuan server as a proxy to access internal services and steal cloud instance credentials from metadata endpoints such as 169.254.169.254.
Affected Products
- B3log SiYuan versions prior to 3.6.0
- SiYuan self-hosted server deployments
- SiYuan instances exposing the /api/network/forwardProxy endpoint
Discovery Timeline
- 2026-03-11 - CVE-2026-32110 published to NVD
- 2026-03-13 - Last updated in NVD database
Technical Details for CVE-2026-32110
Vulnerability Analysis
The /api/network/forwardProxy endpoint is designed to let SiYuan fetch external resources on behalf of the client. The handler accepts a URL parameter from the authenticated user and performs an HTTP request to that URL using the server's network stack. The full response body and HTTP headers are returned to the caller.
Because the endpoint omits URL validation, an attacker can target hosts that are not reachable from the client but are reachable from the server. Common SSRF targets include 127.0.0.1, RFC1918 ranges, Kubernetes API servers, and cloud provider metadata services. Reading the response back to the client turns the flaw into a full-read SSRF rather than a blind SSRF, which simplifies extraction of secrets such as IAM credentials.
The attack vector is network-based and requires low-privilege authentication. Exploitation does not require user interaction. The impact extends beyond SiYuan itself, since the server can be used to enumerate and interact with adjacent infrastructure.
Root Cause
The root cause is missing input validation on the user-supplied URL parameter. The endpoint does not enforce an allowlist of destinations, does not block requests to private IP ranges or link-local addresses, and does not restrict the URL scheme. Categorized as [CWE-918] Server-Side Request Forgery, the defect lets authenticated users coerce the server into issuing arbitrary HTTP requests.
Attack Vector
An authenticated attacker sends a crafted request to /api/network/forwardProxy with a URL targeting an internal resource. The server fetches the resource and relays the body and headers back to the attacker. On cloud-hosted SiYuan instances, the attacker can request http://169.254.169.254/latest/meta-data/iam/security-credentials/ to retrieve temporary AWS credentials, or equivalent endpoints on Azure and GCP. The same primitive enables port scanning, internal service enumeration, and interaction with unauthenticated admin interfaces bound to localhost.
No verified public proof-of-concept code is available. See the GitHub Security Advisory GHSA-56cv-c5p2-j2wg for vendor technical details.
Detection Methods for CVE-2026-32110
Indicators of Compromise
- Outbound HTTP requests from the SiYuan server process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or 127.0.0.1.
- Requests from the SiYuan server to cloud metadata endpoints, including 169.254.169.254 and metadata.google.internal.
- Access log entries showing POST or GET requests to /api/network/forwardProxy with URL parameters pointing to internal or link-local hosts.
- Unusual response sizes returned from /api/network/forwardProxy indicating retrieval of internal service content.
Detection Strategies
- Parse SiYuan access logs and alert on /api/network/forwardProxy requests where the target URL resolves to a non-public address.
- Monitor egress traffic from SiYuan hosts for connections to 169.254.169.254 or other metadata service IPs.
- Correlate authentication events with high-volume forwardProxy calls to detect credential abuse or token theft scenarios.
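One way to implement the destination check that the root cause above calls for, and to reuse the same verdict for the log-based hunt in the detection strategies, as an added example that is not SiYuan's own code: classify_target refuses non-http(s) schemes, loopback or metadata hostnames, and any URL whose literal or resolved address is not globally routable, and scan_log applies that check to access-log lines. The combined-log format, the url query parameter, the STATIC_DNS table and the SAMPLE_LOG lines are constructed assumptions.

```python
import ipaddress
import re
import socket
from urllib.parse import parse_qs, urlparse

DENIED_HOSTNAMES = {"localhost", "metadata.google.internal", "metadata"}  # loopback/metadata by name
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?:GET|POST) /api/network/forwardProxy\?(?P<query>\S*) HTTP/')
STATIC_DNS = {"example.org": ["93.184.216.34"], "admin.corp.internal": ["10.20.0.5"]}  # constructed offline table

def dns_resolve(host):
    """Real resolver: every A/AAAA answer as text; also accepts any literal form the C resolver does."""
    return [i[4][0] for i in socket.getaddrinfo(host, None)]

def static_resolve(host):  # offline stand-in for dns_resolve: constructed table, literals pass through
    return STATIC_DNS.get(host, [host])

def classify_target(raw_url, resolve=dns_resolve):
    """'allowed', or the reason a forwardProxy destination must be refused (or alerted on in logs)."""
    parsed = urlparse(raw_url)
    if parsed.scheme not in ("http", "https"):
        return f"disallowed scheme {parsed.scheme!r}"
    host = (parsed.hostname or "").lower().rstrip(".")
    if host in DENIED_HOSTNAMES:
        return f"denied hostname {host}"
    try:
        ips = [ipaddress.ip_address(a) for a in resolve(host)]  # literal, or every resolved answer
    except (OSError, ValueError):
        return f"unresolvable host {host!r}"
    # is_global is False for 127/8, RFC1918, 169.254/16, 100.64/10, ::1, fe80::/10 and similar.
    bad = [str(ip) for ip in ips if not ip.is_global or ip.is_multicast]
    return f"non-public address {bad[0]}" if bad else "allowed"

def scan_log(lines, resolve=dns_resolve):
    """(client, user, target, reason) for each forwardProxy call aimed at a non-public destination."""
    hits = []
    for m in filter(None, map(LOG_RE.match, lines)):
        for target in parse_qs(m["query"]).get("url", []):
            if (reason := classify_target(target, resolve)) != "allowed":
                hits.append((m["client"], m["user"], target, reason))
    return hits

SAMPLE_LOG = [  # constructed combined-log lines; `url` as a query parameter is an assumption about the log source
    '203.0.113.7 - alice [11/Mar/2026:10:01:02 +0000] "POST /api/network/forwardProxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 812',
    '203.0.113.7 - alice [11/Mar/2026:10:01:05 +0000] "POST /api/network/forwardProxy?url=https%3A%2F%2Fexample.org%2Fpage HTTP/1.1" 200 5120',
    '198.51.100.9 - bob [11/Mar/2026:10:02:00 +0000] "GET /api/network/forwardProxy?url=http%3A%2F%2Fadmin.corp.internal%3A8080%2F HTTP/1.1" 200 77',
    '198.51.100.9 - bob [11/Mar/2026:10:02:10 +0000] "GET /api/other/endpoint HTTP/1.1" 200 30',
]
```

Resolving a name here and connecting later still leaves a DNS-rebinding window; in a request-time fix the same address test belongs in the HTTP client's dial hook, so the address judged is the one actually connected to.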
Monitoring Recommendations
- Forward SiYuan application logs and host network telemetry to a centralized analytics platform for retroactive SSRF hunting.
- Establish a baseline of normal forwardProxy destinations and alert on deviations such as private-range or metadata IPs.
- Enable cloud provider audit logging (AWS CloudTrail, Azure Activity Log, GCP Audit Logs) to detect use of credentials potentially stolen via SSRF.
How to Mitigate CVE-2026-32110
Immediate Actions Required
- Upgrade SiYuan to version 3.6.0 or later, where URL validation is enforced on the forwardProxy endpoint.
- Audit existing user accounts and rotate any cloud credentials accessible from the SiYuan host's metadata service.
- Restrict network egress from SiYuan servers to only required external destinations.
- Review SiYuan access logs for prior abuse of /api/network/forwardProxy targeting internal addresses.
Patch Information
The vendor fixed CVE-2026-32110 in SiYuan version 3.6.0. Refer to the SiYuan Security Advisory GHSA-56cv-c5p2-j2wg for release details and patch notes.
Workarounds
- Block the /api/network/forwardProxy endpoint at a reverse proxy or web application firewall until the upgrade is applied.
- Enforce host-level egress firewall rules denying outbound traffic from the SiYuan server to 127.0.0.0/8, RFC1918 ranges, and 169.254.169.254.
- On AWS instances, require IMDSv2 with a hop limit of 1 to mitigate metadata service exposure from server-side requests.
- Limit SiYuan account creation and restrict access to trusted users, since exploitation requires authentication.
# Example nginx rule to block the vulnerable endpoint pre-patch.
# `return` runs in nginx's rewrite phase, before access checks, so it is
# sufficient on its own; the exact-match (=) location also matches requests
# that carry a query string such as ?url=...
location = /api/network/forwardProxy {
    return 403;
}

# Example iptables egress restriction on the SiYuan host. These rules apply to
# every process on the host; scope them to the service account with
# "-m owner --uid-owner <siyuan-user>" if other software needs these ranges.
# They must precede any broader ACCEPT rule in OUTPUT (use -I to insert at the
# top of an existing chain), and IPv6-enabled hosts need matching ip6tables
# rules (::1, fe80::/10, fc00::/7).
iptables -A OUTPUT -d 169.254.169.254 -j DROP
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

