This vulnerability exists in SiYuan's HTML paste endpoint, which copies local files from user-supplied file:// links without proper path validation. An unauthenticated or low-privileged attacker can trigger copying of sensitive system files, then exfiltrate the files via the public asset endpoint. Successful exploitation leads to full exposure of sensitive data on the host.
Remediation
Upgrade SiYuan to version 3.6.1 or newer to fix the path validation issue. If you cannot upgrade immediately, restrict public access to your SiYuan instance and enforce strong authentication for all asset endpoints.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.