Cyber Posture

CVE-2026-32938

Critical · Public PoC

Published: 20 March 2026
Modified: 23 March 2026
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H)
EPSS Score: 0.0025 (48.7th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM endpoint on the desktop edition copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating the paths against a sensitive-path list. Together with GET /assets/*path, which only requires authentication, a publish-service visitor can cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to exfiltration of sensitive files. This issue has been fixed in version 3.6.1.

Mitigating Controls (NIST 800-53 r5, AI-generated)

Prevent: Directly addresses the lack of path validation in /api/lute/html2BlockDOM by requiring validation of pasted HTML file:// links to block access to sensitive local files.

Prevent: Enforces controls on information flows to prevent copying of sensitive local files into the network-accessible workspace assets directory.

Prevent: Prevents unauthorized transfer of sensitive information into shared system resources such as the assets directory, which are retrievable via authenticated GET requests.

Security Summary (AI-generated)

CVE-2026-32938 is a high-severity vulnerability (CVSS 9.9) in SiYuan, a personal knowledge management system, affecting versions 3.6.0 and below. It stems from improper path validation in the desktop edition's /api/lute/html2BlockDOM endpoint, which processes pasted HTML containing file:// links and copies referenced local files into the workspace assets directory without checking against a sensitive-path list (CWE-22, CWE-200, CWE-284).

A low-privileged attacker (PR:L), such as an authenticated publish-service visitor, can exploit this over the network (AV:N) with no user interaction (UI:N). By pasting malicious HTML with file:// links to sensitive readable files, the attacker tricks the desktop kernel into copying those files to the assets directory. The attacker then retrieves the files via the GET /assets/*path endpoint, which only requires authentication, achieving sensitive file exfiltration with scope change (S:C), high confidentiality impact (C:H), low integrity impact (I:L), and high availability impact (A:H).

The vulnerability was fixed in SiYuan version 3.6.1. Mitigation details are available in the GitHub security advisory (GHSA-fq2j-j8hc-8vw8), release notes for v3.6.1, and the patching commit (294b8b429dea152cd1df522cddf406054c1619ad). Security practitioners should upgrade to 3.6.1 or later and review access to publish services.
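The first mitigating control above asks for validation of file:// links before a pasted file is copied into the assets directory. The following Go function is an added example of such a check and is not SiYuan's code or its fix; the function name, the sensitive-path list and the sample links are constructed for illustration. It canonicalizes the decoded URL path before comparing, so `../` segments cannot step around the list, and compares on path components rather than string prefixes.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrSensitivePath is returned when a file:// link resolves into a protected location.
var ErrSensitivePath = errors.New("file link points into a sensitive path")

// sensitivePaths is a constructed denylist for this example (hypothetical, not SiYuan's).
// A denylist is never complete; an allowlist of the user's document directories is stronger.
var sensitivePaths = []string{"/etc", "/root/.ssh", "/home/user/.ssh", "/home/user/.gnupg"}

// underDir reports whether p is dir itself or lies beneath it. Comparing path
// components via filepath.Rel avoids a bare string prefix test matching "/etcX" for "/etc".
func underDir(p, dir string) bool {
	rel, err := filepath.Rel(dir, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// resolveFileLink parses a file:// link taken from pasted HTML, canonicalizes the local
// path (collapsing "..") and rejects it if it resolves into any sensitive path.
func resolveFileLink(rawURL string, sensitive []string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "file" || (u.Host != "" && u.Host != "localhost") {
		return "", errors.New("only local file:// links are accepted")
	}
	// u.Path is already percent-decoded, so encoded traversal is visible to Clean.
	p := filepath.Clean(filepath.FromSlash(u.Path))
	if !filepath.IsAbs(p) {
		return "", errors.New("file link must be an absolute path")
	}
	for _, s := range sensitive {
		if underDir(p, filepath.Clean(s)) {
			return "", fmt.Errorf("%w: %s", ErrSensitivePath, p)
		}
	}
	return p, nil
}

func main() {
	// Constructed sample links: one benign image, one direct and one traversal-based sensitive path.
	for _, link := range []string{"file:///home/user/Pictures/diagram.png", "file:///etc/passwd", "file:///home/user/Pictures/../.ssh/id_ed25519"} {
		p, err := resolveFileLink(link, sensitivePaths)
		fmt.Printf("%-48s -> %q %v\n", link, p, err)
	}
}
```

Only a link that passes this check should be handed to the copy routine; the check belongs in the kernel, not in client-side paste handling, because the publish-service visitor never runs the client.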

Details

Affected Products

b3log / siyuan ≤ 3.6.1

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

The vulnerability allows remote exploitation of a public-facing endpoint (T1190) in SiYuan to copy and exfiltrate arbitrary local sensitive files (T1005) via improper path validation on file:// links.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
