Headline
GHSA-94c7-g2fj-7682: SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary
The SiYuan Note application (v3.5.3) contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server’s filesystem into the application’s workspace without proper path validation
Details
The vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source file exists using filelock.IsExist(src), it fails to validate whether the source path resides within the authorized workspace directory.
func globalCopyFiles(c *gin.Context) {
// ...
srcsArg := arg["srcs"].([]interface{})
for _, src := range srcs {
if !filelock.IsExist(src) { ... }
if err := filelock.Copy(src, dest); err != nil { ... }
}
}
PoC
The following steps demonstrate how to exfiltrate the /etc/passwd file.
- The attacker sends a request to copy the system file /etc/passwd to the root of the application workspace (/).
<img width="1537" height="357" alt="image" src="https://github.com/user-attachments/assets/7c8e5fe8-f609-4263-8685-eedf3cf22400" />
- The attacker downloads the copied file using the standard file retrieval API, which now treats the system file as a legitimate workspace asset.
<img width="1549" height="588" alt="image" src="https://github.com/user-attachments/assets/37cac3dd-d9a9-4191-92ea-16f0424c73e1" /> <img width="756" height="337" alt="image" src="https://github.com/user-attachments/assets/c872d729-259b-4b2a-9314-8be6b2b9b26a" />
Impact
This vulnerability allows an attacker to read arbitrary files from the server’s filesystem, bypassing intended directory restrictions. By exfiltrating sensitive configuration files (such as docker-compose.yml containing database credentials) and system files (like /etc/passwd), an attacker can harvest secrets to pivot from application access to full infrastructure compromise. This results in a complete loss of confidentiality regarding both user data and the underlying server environment.
Tested version:
<img width="1118" height="650" alt="image" src="https://github.com/user-attachments/assets/c98cbbcc-2a28-4a15-b84e-4a7120649c5e" />
Solution
https://github.com/siyuan-note/siyuan/issues/16860
Summary
The SiYuan Note application (v3.5.3) contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server’s filesystem into the application’s workspace without proper path validation
Details
The vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source file exists using filelock.IsExist(src), it fails to validate whether the source path resides within the authorized workspace directory.
func globalCopyFiles(c *gin.Context) {
// ...
srcsArg := arg["srcs"].([]interface{})
for _, src := range srcs {
if !filelock.IsExist(src) { ... }
if err := filelock.Copy(src, dest); err != nil { ... }
}
}
PoC
The following steps demonstrate how to exfiltrate the /etc/passwd file.
The attacker sends a request to copy the system file /etc/passwd to the root of the application workspace (/).
The attacker downloads the copied file using the standard file retrieval API, which now treats the system file as a legitimate workspace asset.
Impact
This vulnerability allows an attacker to read arbitrary files from the server’s filesystem, bypassing intended directory restrictions. By exfiltrating sensitive configuration files (such as docker-compose.yml containing database credentials) and system files (like /etc/passwd), an attacker can harvest secrets to pivot from application access to full infrastructure compromise. This results in a complete loss of confidentiality regarding both user data and the underlying server environment.
Tested version:
Solution
siyuan-note/siyuan#16860
References
- GHSA-94c7-g2fj-7682
- https://nvd.nist.gov/vuln/detail/CVE-2026-23851
- siyuan-note/siyuan#16860
- siyuan-note/siyuan@b2274ba
- siyuan-note/siyuan@f8f4b51