GHSA-94C7-G2FJ-7682
Vulnerability from github – Published: 2026-01-21 01:01 – Updated: 2026-01-21 01:01
Summary
The SiYuan Note application (v3.5.3) contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation.
Details
The vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source file exists using filelock.IsExist(src), it fails to validate whether the source path resides within the authorized workspace directory.
```go
func globalCopyFiles(c *gin.Context) {
	// ...

	srcsArg := arg["srcs"].([]interface{})

	for _, src := range srcs {
		// Only existence is checked; src is never confined to the workspace root.
		if !filelock.IsExist(src) { ... }

		if err := filelock.Copy(src, dest); err != nil { ... }
	}
}
```
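The check the excerpt above lacks is a containment test on each source path before the copy is made. The following Go code is an added example written for this page; it is not SiYuan's code and not the upstream fix. The workspace root `/srv/siyuan/workspace`, the function names and the sample inputs are assumptions. It goes a little beyond the advisory's single case: relative paths are resolved against the workspace, `..` traversal and the "sibling directory with a shared prefix" mistake (`/srv/siyuan/workspace2` is not inside `/srv/siyuan/workspace`) are both rejected by using `filepath.Rel` rather than a string prefix, and a second function follows symlinks on existing files so a link placed inside the workspace cannot point outside it.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideWorkspace is returned for any source path that does not resolve
// to the workspace directory itself or one of its descendants.
var ErrOutsideWorkspace = errors.New("source path resolves outside the workspace")

// insideWorkspace reports whether candidate (absolute and cleaned) is the
// workspace or lies beneath it. filepath.Rel is used instead of
// strings.HasPrefix so that "/srv/siyuan/workspace2" is not mistaken for a
// child of "/srv/siyuan/workspace".
func insideWorkspace(workspace, candidate string) bool {
	rel, err := filepath.Rel(workspace, candidate)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveInsideWorkspace turns an untrusted src into an absolute, cleaned path
// and checks lexically that it lies under workspace. Relative values are
// interpreted relative to the workspace, so ".." components are collapsed
// before the containment test runs.
func ResolveInsideWorkspace(workspace, src string) (string, error) {
	absWorkspace, err := filepath.Abs(workspace)
	if err != nil {
		return "", err
	}
	candidate := filepath.Clean(src)
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(absWorkspace, candidate) // Join also cleans
	}
	if !insideWorkspace(absWorkspace, candidate) {
		return "", ErrOutsideWorkspace
	}
	return candidate, nil
}

// ResolveExistingInsideWorkspace adds a second, physical check for files that
// exist: both the workspace and the candidate are passed through
// filepath.EvalSymlinks, so a symlink inside the workspace that targets a file
// outside it is rejected too. It returns the resolved real path.
func ResolveExistingInsideWorkspace(workspace, src string) (string, error) {
	candidate, err := ResolveInsideWorkspace(workspace, src)
	if err != nil {
		return "", err
	}
	absWorkspace, err := filepath.Abs(workspace)
	if err != nil {
		return "", err
	}
	realWorkspace, err := filepath.EvalSymlinks(absWorkspace)
	if err != nil {
		return "", err
	}
	realCandidate, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if !insideWorkspace(realWorkspace, realCandidate) {
		return "", ErrOutsideWorkspace
	}
	return realCandidate, nil
}

// ValidateCopySources mirrors the shape of the handler's "srcs" argument (a
// JSON array decoded into []interface{}) and returns every validated absolute
// path, or the first rejection. A handler would call this before any copy.
func ValidateCopySources(workspace string, srcsArg []interface{}) ([]string, error) {
	out := make([]string, 0, len(srcsArg))
	for i, v := range srcsArg {
		src, ok := v.(string)
		if !ok {
			return nil, fmt.Errorf("srcs[%d]: expected string, got %T", i, v)
		}
		resolved, err := ResolveInsideWorkspace(workspace, src)
		if err != nil {
			return nil, fmt.Errorf("srcs[%d] %q: %w", i, src, err)
		}
		out = append(out, resolved)
	}
	return out, nil
}

func main() {
	ws := "/srv/siyuan/workspace" // hypothetical workspace root
	for _, src := range []string{"assets/notes.md", "/etc/passwd", "../../etc/passwd", "/srv/siyuan/workspace2/x"} {
		p, err := ResolveInsideWorkspace(ws, src)
		fmt.Printf("%-26s -> %q err=%v\n", src, p, err)
	}
}
```

The lexical check alone is enough to reject the `/etc/passwd` request in the advisory. The symlink-aware variant costs two extra filesystem lookups and is only meaningful once the file is known to exist, which is why it runs after the existence check rather than replacing it.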
PoC
The following steps demonstrate how to exfiltrate the /etc/passwd file.
- The attacker sends a request to copy the system file /etc/passwd to the root of the application workspace (/).
- The attacker downloads the copied file using the standard file retrieval API, which now treats the system file as a legitimate workspace asset.
Impact
This vulnerability allows an attacker to read arbitrary files from the server's filesystem, bypassing intended directory restrictions. By exfiltrating sensitive configuration files (such as docker-compose.yml containing database credentials) and system files (like /etc/passwd), an attacker can harvest secrets to pivot from application access to full infrastructure compromise. This results in a complete loss of confidentiality regarding both user data and the underlying server environment.
Tested version:
Solution
https://github.com/siyuan-note/siyuan/issues/16860
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260118092521-f8f4b517077b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23851"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-21T01:01:47Z",
"nvd_published_at": "2026-01-19T20:15:49Z",
"severity": "HIGH"
},
"details": "### Summary\nThe SiYuan Note application (v3.5.3) contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server\u0027s filesystem into the application\u0027s workspace without proper path validation\n### Details\nThe vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source file exists using filelock.IsExist(src), it fails to validate whether the source path resides within the authorized workspace directory.\n\n\n```\nfunc globalCopyFiles(c *gin.Context) {\n // ...\n\n srcsArg := arg[\"srcs\"].([]interface{})\n \n for _, src := range srcs {\n\n if !filelock.IsExist(src) { ... }\n \n\n if err := filelock.Copy(src, dest); err != nil { ... }\n }\n}\n```\n\n### PoC\nThe following steps demonstrate how to exfiltrate the /etc/passwd file.\n\n1. The attacker sends a request to copy the system file /etc/passwd to the root of the application workspace (/).\n\n\u003cimg width=\"1537\" height=\"357\" alt=\"image\" src=\"https://github.com/user-attachments/assets/7c8e5fe8-f609-4263-8685-eedf3cf22400\" /\u003e\n\n2. The attacker downloads the copied file using the standard file retrieval API, which now treats the system file as a legitimate workspace asset.\n\n\u003cimg width=\"1549\" height=\"588\" alt=\"image\" src=\"https://github.com/user-attachments/assets/37cac3dd-d9a9-4191-92ea-16f0424c73e1\" /\u003e\n\u003cimg width=\"756\" height=\"337\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c872d729-259b-4b2a-9314-8be6b2b9b26a\" /\u003e\n\n\n### Impact\nThis vulnerability allows an attacker to read arbitrary files from the server\u0027s filesystem, bypassing intended directory restrictions. By exfiltrating sensitive configuration files (such as docker-compose.yml containing database credentials) and system files (like /etc/passwd), an attacker can harvest secrets to pivot from application access to full infrastructure compromise. This results in a complete loss of confidentiality regarding both user data and the underlying server environment.\n\n### Tested version:\n\u003cimg width=\"1118\" height=\"650\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c98cbbcc-2a28-4a15-b84e-4a7120649c5e\" /\u003e\n\n### Solution\n\nhttps://github.com/siyuan-note/siyuan/issues/16860",
"id": "GHSA-94c7-g2fj-7682",
"modified": "2026-01-21T01:01:47Z",
"published": "2026-01-21T01:01:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-94c7-g2fj-7682"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23851"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/issues/16860"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/b2274baba2e11c8cf8901b0c5c871e5b27f1f6dd"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/f8f4b517077b92c90c0d7b51ac11be1b34b273ad"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.