CVE-2026-32747 Overview
CVE-2026-32747 is a Path Traversal vulnerability affecting SiYuan, a personal knowledge management system. The globalCopyFiles API resolves each source path with filepath.Abs() but never checks that the result lies inside the workspace. The only guard is util.IsSensitivePath(), a prefix blocklist that does not name /proc/, /run/secrets/, or home directory dotfiles, so those locations pass straight through.
Critical Impact
An authenticated admin user can exfiltrate sensitive files readable by the SiYuan process, including Docker secrets and environment variables in containerized deployments. Exfiltrated files persist in the workspace until manually deleted.
Affected Products
- SiYuan 3.6.0 and earlier (fixed in 3.6.1)
- Highest exposure: containerized deployments that inject secrets via environment variables or files under /run/secrets/
- Any self-hosted instance on which an attacker holds, or can obtain, admin credentials
Discovery Timeline
- 2026-03-19 - CVE-2026-32747 published to NVD
- 2026-03-19 - Last updated in NVD database
Technical Details for CVE-2026-32747
Vulnerability Analysis
This Path Traversal vulnerability (CWE-22) lets an authenticated administrator bypass the workspace file-access restrictions and read any file the SiYuan process itself can read, on the host or inside its container. The core issue is insufficient path validation in the globalCopyFiles API endpoint: the application tries to protect sensitive system files through a blocklist in util.IsSensitivePath(), but a blocklist only rejects what it names, and the pre-fix list left large parts of the filesystem unnamed.
The vulnerability is most damaging in containerized environments, where secrets are commonly passed as environment variables or mounted as files under /run/secrets/. An attacker with admin privileges can copy a file such as /proc/1/environ into the workspace and then read it through the standard file API. /proc/1/environ holds the environment of the container's entrypoint process and is readable whenever the SiYuan kernel is that process or runs as the same user (or as root); /proc/self/environ exposes the kernel's own environment regardless of its PID, so blocking a single PID is not a defence.
Root Cause
The root cause is an incomplete blocklist implementation in the IsSensitivePath() function located in kernel/util/path.go. The original implementation failed to block access to several critical Unix system paths:
- /proc/ - Contains process information including environment variables
- /run/secrets/ - Docker secrets mount point
- /sys/ - Linux system filesystem
- Home directory dotfiles containing configuration and credentials
The blocklist approach is fundamentally fragile: it requires anticipating every sensitive path in advance instead of allowing only paths that resolve to locations inside the workspace. The 3.6.1 fix extends the same list rather than replacing it with a workspace-containment check, so the protection remains only as good as the list.
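The difference between the two approaches, as an added example (not code from SiYuan): the first function reproduces the blocklist style of IsSensitivePath() using the pre-3.6.1 prefixes visible in the patch excerpt on this page; the second is the workspace-containment alternative, which resolves symlinks on both sides and accepts a source only if it lives under the workspace root. The temporary directory layout, file names and contents are constructed for the demo.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Prefixes reconstructed from the pre-3.6.1 entries visible in the patch excerpt
// on this page; an illustrative copy, not the project's own code.
var legacySensitivePrefixes = []string{"/etc/ssh", "/root", "/etc", "/var/lib/", "/."}

// isSensitivePathBlocklist mirrors the blocklist style of IsSensitivePath():
// a path is rejected only when it starts with one of the listed prefixes,
// so anything the list does not name (/proc, /run/secrets, ~/.ssh) passes.
func isSensitivePathBlocklist(p string) bool {
	if p == "" {
		return false
	}
	pp := filepath.Clean(strings.ToLower(p))
	for _, pre := range legacySensitivePrefixes {
		if strings.HasPrefix(pp, pre) {
			return true
		}
	}
	return false
}

// insideWorkspace is the allowlist alternative: the source must exist and, after
// symlink resolution on both sides, must sit under the workspace root. A missing
// source, an absolute path elsewhere, a ".." escape, or a symlink planted in the
// workspace that points outside are all rejected without any list of bad paths.
func insideWorkspace(workspace, src string) (bool, error) {
	wsReal, err := filepath.EvalSymlinks(workspace)
	if err != nil {
		return false, fmt.Errorf("workspace: %w", err)
	}
	srcAbs, err := filepath.Abs(src)
	if err != nil {
		return false, err
	}
	srcReal, err := filepath.EvalSymlinks(srcAbs) // errors for a missing source
	if err != nil {
		return false, err
	}
	rel, err := filepath.Rel(wsReal, srcReal)
	if err != nil {
		return false, err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return false, nil
	}
	return true, nil
}

// buildDemoWorkspace creates constructed test data in a temporary directory:
//   <root>/workspace/notes.md                      an ordinary workspace file
//   <root>/outside/secret.txt                      readable by the process, outside the workspace
//   <root>/workspace/escape -> outside/secret.txt  a symlink leading out of the workspace
func buildDemoWorkspace() (workspace, secret string, cleanup func(), err error) {
	root, err := os.MkdirTemp("", "siyuan-demo-")
	if err != nil {
		return "", "", nil, err
	}
	cleanup = func() { os.RemoveAll(root) }
	workspace = filepath.Join(root, "workspace")
	secret = filepath.Join(root, "outside", "secret.txt")
	steps := []func() error{
		func() error { return os.MkdirAll(workspace, 0o700) },
		func() error { return os.MkdirAll(filepath.Dir(secret), 0o700) },
		func() error { return os.WriteFile(filepath.Join(workspace, "notes.md"), []byte("# notes\n"), 0o600) },
		func() error { return os.WriteFile(secret, []byte("DB_PASSWORD=hunter2\n"), 0o600) },
		func() error { return os.Symlink(secret, filepath.Join(workspace, "escape")) },
	}
	for _, step := range steps {
		if err = step(); err != nil {
			cleanup()
			return "", "", nil, err
		}
	}
	return workspace, secret, cleanup, nil
}

func main() {
	for _, p := range []string{"/etc/passwd", "/proc/1/environ", "/home/alice/.ssh/id_rsa"} {
		fmt.Printf("blocklist rejects %-24s %v\n", p, isSensitivePathBlocklist(p))
	}
	ws, secret, cleanup, err := buildDemoWorkspace()
	if err != nil {
		fmt.Println("demo setup failed:", err)
		return
	}
	defer cleanup()
	for _, p := range []string{filepath.Join(ws, "notes.md"), secret, filepath.Join(ws, "escape")} {
		ok, err := insideWorkspace(ws, p)
		fmt.Printf("allowlist accepts %s: %v (err=%v)\n", p, ok, err)
	}
}
```

Running it shows the blocklist rejecting /etc/passwd but passing /proc/1/environ and /home/alice/.ssh/id_rsa (the "/." prefix only matches a dotted entry at the filesystem root), while the containment check accepts notes.md and rejects the outside file and the symlink that points at it. Resolving symlinks before the comparison matters: filepath.Clean alone would judge the link by its own path inside the workspace.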
Attack Vector
The attack requires network access to the instance and administrative credentials on it. An attacker with admin access can:
- Call the globalCopyFiles API with a source path pointing at a sensitive file (for example /proc/1/environ) and a destination inside the workspace
- Rely on the kernel copying the file into the workspace, since the only check is the prefix blocklist, which does not name /proc
- Read the copied file through the standard workspace file API
- Extract credentials, API keys, and other sensitive data from it
The following excerpt of the fix shipped in version 3.6.1 (kernel/util/path.go) shows the expanded prefix list:
if p == "" {
return false
}
- pp := filepath.Clean(strings.ToLower(p))
+ toCheckPathLower := filepath.Clean(strings.ToLower(p))
+ toCheckNameLower := filepath.Base(toCheckPathLower)
// 敏感目录前缀(UNIX 风格)
prefixes := []string{
- "/etc/ssh",
+ "/.",
+ "/etc",
"/root",
"/etc",
- "/var/lib/",
- "/.",
+ "/var",
+ "/proc",
+ "/sys",
+ "/run",
+ "/bin",
+ "/boot",
+ "/dev",
+ "/lib",
+ "/srv",
+ "/tmp",
}
for _, pre := range prefixes {
- if strings.HasPrefix(pp, pre) {
+ if strings.HasPrefix(toCheckPathLower, pre) {
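Review bot: the loop at the end of the hunk still uses strings.HasPrefix without a trailing separator, and the list has no "/home" entry, so a user dotfile such as /home/alice/.ssh/id_rsa is not rejected by these lines: "/." only matches a dotted entry at the filesystem root. toCheckNameLower is introduced in the hunk but its use lies outside the excerpt; if it is meant to cover dotfile basenames, a comment beside it saying so would make the intent reviewable. The same missing separator means "/tmp" also rejects "/tmpworkspace" and "/lib" rejects "/library", which is probably acceptable over-matching but worth noting. Two smaller points: "/etc" now appears twice in prefixes (the added line and the surviving original), and filepath.Clean does not resolve symlinks, so a link whose own path is outside the list is judged by that path rather than by its target; calling filepath.EvalSymlinks before the prefix test would close that. The comment above the list reads "sensitive directory prefixes (UNIX style)".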
Source: GitHub Commit Update
Detection Methods for CVE-2026-32747
Indicators of Compromise
- Unexpected files appearing in SiYuan workspace directories
- API calls to globalCopyFiles whose source paths lie under /proc/ (including /proc/self/), /run/secrets/, /etc/, or anywhere else outside the workspace
- Workspace files containing environment variable data or credential-like content
- Admin account activity involving file copy operations outside normal workspace boundaries
Detection Strategies
- Monitor SiYuan API logs for globalCopyFiles requests targeting system paths
- Implement file integrity monitoring on workspace directories to detect unauthorized file additions
- Review admin access logs for unusual file operation patterns
- Deploy application-level logging to capture path parameters in file copy operations
Monitoring Recommendations
- Enable verbose logging for the SiYuan API layer
- Implement alerting on file operations targeting /proc/, /sys/, /run/, and other system directories
- Monitor container runtime for unexpected file access patterns by the SiYuan process
- Regularly audit workspace contents for files that should not be present
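The detection strategy above, worked through on log data as an added example (not SiYuan's own code or log format): the scanner reads newline-delimited JSON events, keeps only globalCopyFiles requests, and flags any source path that normalises to a monitored system directory, contains a dotfile component, or falls outside the workspace. The route name "/api/file/globalCopyFiles", the field names (ts, user, route, srcs, destDir), the workspace root /data/workspace and every log line are assumptions constructed for this example; SiYuan's default logs are not shown on this page to include request bodies, which is why the page recommends adding application-level logging of path parameters.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// copyEvent is the assumed shape of an application-level log line that records
// the parameters of a globalCopyFiles request. The route and field names are
// assumptions for this example; SiYuan's own log format is not shown on this page.
type copyEvent struct {
	TS      string   `json:"ts"`
	User    string   `json:"user"`
	Route   string   `json:"route"`
	Srcs    []string `json:"srcs"`
	DestDir string   `json:"destDir"`
}

// alert is one flagged source path from one request.
type alert struct {
	TS, User, Src, Reason string
}

// monitoredPrefixes are the system locations this page recommends alerting on;
// /proc/self/ is covered by the /proc/ entry.
var monitoredPrefixes = []string{"/proc/", "/sys/", "/run/", "/etc/", "/root/", "/dev/", "/boot/"}

// classify returns a non-empty reason when src should be alerted on. It works
// lexically on the logged string (no filesystem access), normalising ".." first
// so that /data/workspace/../../run/secrets/x is seen as /run/secrets/x.
func classify(workspace, src string) string {
	clean := path.Clean(src)
	for _, pre := range monitoredPrefixes {
		if strings.HasPrefix(clean, pre) {
			return "system path " + pre
		}
	}
	for _, seg := range strings.Split(clean, "/") {
		if len(seg) > 1 && seg[0] == '.' && seg != ".." {
			return "dotfile component " + seg
		}
	}
	if !strings.HasPrefix(clean, strings.TrimSuffix(workspace, "/")+"/") {
		return "outside workspace"
	}
	return ""
}

// scan parses newline-delimited JSON events and reports every globalCopyFiles
// source that classify flags. A malformed line aborts the scan rather than being
// silently skipped, since a detection pipeline should notice broken input.
func scan(workspace string, lines []string) ([]alert, error) {
	var alerts []alert
	for n, line := range lines {
		if strings.TrimSpace(line) == "" {
			continue
		}
		var ev copyEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		if ev.Route != "/api/file/globalCopyFiles" {
			continue
		}
		for _, src := range ev.Srcs {
			if reason := classify(workspace, src); reason != "" {
				alerts = append(alerts, alert{ev.TS, ev.User, src, reason})
			}
		}
	}
	return alerts, nil
}

// sampleLog is constructed sample input: one benign copy, four copies that
// should alert, and one request on an unrelated route that must be ignored.
var sampleLog = []string{
	`{"ts":"2026-03-19T10:00:01Z","user":"admin","route":"/api/file/globalCopyFiles","srcs":["/data/workspace/data/assets/diagram.png"],"destDir":"/data/workspace/data/assets"}`,
	`{"ts":"2026-03-19T10:00:07Z","user":"admin","route":"/api/file/globalCopyFiles","srcs":["/proc/1/environ"],"destDir":"/data/workspace/data/assets"}`,
	`{"ts":"2026-03-19T10:00:09Z","user":"admin","route":"/api/file/globalCopyFiles","srcs":["/data/workspace/../../run/secrets/db_password"],"destDir":"/data/workspace/data/assets"}`,
	`{"ts":"2026-03-19T10:00:12Z","user":"admin","route":"/api/file/globalCopyFiles","srcs":["/home/siyuan/.ssh/id_rsa"],"destDir":"/data/workspace/data/assets"}`,
	`{"ts":"2026-03-19T10:00:15Z","user":"admin","route":"/api/file/globalCopyFiles","srcs":["/opt/app/config.yaml"],"destDir":"/data/workspace/data/assets"}`,
	`{"ts":"2026-03-19T10:00:20Z","user":"admin","route":"/api/file/getFile","srcs":["/data/workspace/data/assets/environ"],"destDir":""}`,
}

func main() {
	alerts, err := scan("/data/workspace", sampleLog)
	if err != nil {
		fmt.Println("scan failed:", err)
		return
	}
	for _, a := range alerts {
		fmt.Printf("%s user=%s src=%s reason=%s\n", a.TS, a.User, a.Src, a.Reason)
	}
}
```

On the sample input the scanner raises four alerts (the /proc read, the ".." escape into /run/secrets, the dotfile under /home, and the file under /opt) and stays quiet on the benign asset copy and the unrelated route. The "outside workspace" rule is the one that generalises: it catches locations the prefix list does not name, which is exactly the gap the vulnerability exploited.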
How to Mitigate CVE-2026-32747
Immediate Actions Required
- Upgrade SiYuan to version 3.6.1 or later immediately
- Audit existing workspace files for any exfiltrated sensitive data
- Rotate any credentials that may have been exposed through environment variables or mounted secrets
- Review admin account activity logs for suspicious file copy operations
Patch Information
SiYuan has released version 3.6.1 which addresses this vulnerability by expanding the sensitive path blocklist to include /proc, /sys, /run, /bin, /boot, /dev, /lib, /srv, and /tmp directories. The patch is available through the GitHub Release v3.6.1. Additional technical details can be found in the GitHub Security Advisory GHSA-h5vh-m7fg-w5h6.
Workarounds
- Restrict network access to the SiYuan instance to trusted networks only
- Limit admin account access to essential personnel
- Run SiYuan in a container with as few mounted secrets and environment variables as possible; anything present in the kernel's environment or mount namespace is reachable through this bug
- Implement network segmentation to limit the impact of potential credential exfiltration
# Configuration example - run SiYuan 3.6.1 with restricted filesystem access
# Read-only root filesystem, scratch space only on tmpfs, no privilege escalation,
# non-root user, and no secrets passed via environment variables (the kernel can
# always read its own environment through /proc/self/environ).
# Image name and --workspace flag follow the official b3log/siyuan image; check the
# exact tag on Docker Hub before deploying.
docker run -d \
  --read-only \
  --tmpfs /tmp \
  --security-opt no-new-privileges \
  --cap-drop ALL \
  -u 1000:1000 \
  -p 127.0.0.1:6806:6806 \
  -v /path/to/workspace:/siyuan/workspace \
  b3log/siyuan:v3.6.1 --workspace=/siyuan/workspace/
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


