CVE-2026-23851

6.5 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in SiYuan's file copy endpoint that allows authenticated users to copy arbitrary files from the server's filesystem into the application workspace. The vulnerability affects SiYuan versions before 3.5.4 and requires user authentication to exploit.

💻 Affected Systems

Products:
  • SiYuan personal knowledge management system
Versions: prior to 3.5.4
Operating Systems: All platforms running SiYuan
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the vulnerable endpoint

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could exfiltrate sensitive system files, configuration files, or other application data by copying them to the workspace where they can be accessed through the application interface.

🟠 Likely Case

Authenticated users could access files outside their authorized workspace boundaries, potentially exposing other users' data or system configuration files.

🟢 If Mitigated

With proper authentication controls and network segmentation, the impact is limited to authorized users accessing files they shouldn't be able to reach within the application context.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of the API endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.4

Vendor Advisory: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-94c7-g2fj-7682

Restart Required: Yes

Instructions:

1. Back up your SiYuan data.
2. Stop the SiYuan service.
3. Update to version 3.5.4 or later.
4. Restart the service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict API endpoint access

all

Use web application firewall or reverse proxy rules to restrict access to the vulnerable /api/file/globalCopyFiles endpoint

# Example nginx location block to block the endpoint
location /api/file/globalCopyFiles { return 403; }

Implement file system restrictions

linux

Run SiYuan in a container or chroot environment with restricted filesystem access

# Example Docker run command: mount only the workspace so the container
# cannot see the rest of the host filesystem. The workspace itself must
# stay writable, since SiYuan writes to it; the restriction comes from
# mounting nothing else.
docker run -v /path/to/workspace:/app/workspace siyuan-note/siyuan

🧯 If You Can't Patch

  • Implement strict access controls and monitor authenticated user activity
  • Deploy network segmentation to isolate SiYuan from sensitive systems and files

🔍 How to Verify

Check if Vulnerable:

Check SiYuan version via web interface or by examining the application files. Versions below 3.5.4 are vulnerable.

Check Version:

Check the SiYuan web interface settings or examine the application directory for version information

Verify Fix Applied:

After updating, verify the version is 3.5.4 or higher and test that the /api/file/globalCopyFiles endpoint properly validates source paths.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file copy operations via API
  • Requests to /api/file/globalCopyFiles with suspicious source paths
  • Multiple failed path validation attempts

Network Indicators:

  • POST requests to /api/file/globalCopyFiles with JSON payload containing absolute paths or path traversal sequences

SIEM Query:

source="siyuan.log" AND uri_path="/api/file/globalCopyFiles" AND (src CONTAINS ".." OR src STARTS WITH "/")

Match on a leading "/" (an absolute path) rather than on any "/", otherwise every legitimate relative path inside the workspace would trigger the rule.
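The following is an added example, not SiYuan's code or part of the original advisory. It shows the two checks this page asks for: a source-path validation that a fixed endpoint should perform (the "Verify Fix Applied" step above), and the same check applied to logged requests to produce the detection described under "Log Indicators". The request field names `srcs` and `destDir`, the log line layout and the workspace root are assumptions; the log lines are constructed.

```python
"""Added example (not SiYuan's code): flag globalCopyFiles requests whose
source paths escape the workspace, and validate a single source path.
Field names (srcs, destDir), log layout and workspace root are assumptions."""
import json
import posixpath

# Workspace root that every valid source path must stay inside (assumed value)
WORKSPACE = "/srv/siyuan/workspace"
ENDPOINT = "/api/file/globalCopyFiles"

# Constructed log lines in the assumed layout "<time> <method> <uri> <json body>"
SAMPLE_LOG = """\
2026-01-10T10:00:01Z POST /api/file/globalCopyFiles {"srcs": ["/srv/siyuan/workspace/data/assets/a.png"], "destDir": "data/assets"}
2026-01-10T10:00:02Z POST /api/file/globalCopyFiles {"srcs": ["../../etc/passwd"], "destDir": "data/assets"}
2026-01-10T10:00:03Z POST /api/file/globalCopyFiles {"srcs": ["/etc/hosts"], "destDir": "data/assets"}
2026-01-10T10:00:04Z POST /api/file/globalCopyFiles {"srcs": ["/srv/siyuan/workspace/../secret.txt"], "destDir": "data"}
2026-01-10T10:00:05Z POST /api/notebook/lsNotebooks {}
"""


def is_inside_workspace(src: str, root: str = WORKSPACE) -> bool:
    """True only if src, after normalisation, lies under root.

    Relative sources are resolved against root; an absolute path elsewhere or a
    ".." that climbs above root is rejected. A production check must also
    resolve symlinks (os.path.realpath) before comparing; this offline example
    uses lexical normalisation only.
    """
    root = posixpath.normpath(root)
    candidate = src if posixpath.isabs(src) else posixpath.join(root, src)
    resolved = posixpath.normpath(candidate)
    # The trailing "/" prevents "/srv/siyuan/workspace2" from matching the root.
    return resolved == root or resolved.startswith(root + "/")


def escaping_sources(srcs: list, root: str = WORKSPACE) -> list:
    """Return the sources of one request that leave the workspace ([] = clean)."""
    return [s for s in srcs if not is_inside_workspace(s, root)]


def parse_log_line(line: str):
    """Split '<time> <method> <uri> <json body>'; None if the line is malformed."""
    parts = line.split(" ", 3)
    if len(parts) != 4:
        return None
    ts, method, uri, body = parts
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return None
    return ts, method, uri, payload


def find_suspicious_copies(log_text: str, root: str = WORKSPACE) -> list:
    """Scan log text for POSTs to the copy endpoint whose sources escape root."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ts, method, uri, payload = parsed
        if method != "POST" or uri != ENDPOINT:
            continue
        bad = escaping_sources(payload.get("srcs") or [], root)
        if bad:
            hits.append({"time": ts, "srcs": bad, "destDir": payload.get("destDir")})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_copies(SAMPLE_LOG):
        print(f"{hit['time']} out-of-workspace copy: {hit['srcs']} -> {hit['destDir']}")
```

Run against the constructed log, the first request is accepted as in-workspace and the next three are reported; the unrelated endpoint is ignored. The same `is_inside_workspace` function is what a request handler would call on each entry of `srcs` before copying anything.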

🔗 References