{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25992", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:41:55.858Z", "datePublished": "2026-02-10T17:47:36.041Z", "dateUpdated": "2026-02-10T19:17:41.722Z"}, "containers": {"cna": {"title": "SiYuan has a File Read Interface Case Bypass Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639"}, {"name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.5.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:47:36.041Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5."}], "source": {"advisory": "GHSA-f72r-2h5j-7639", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:16:10.562245Z", "id": "CVE-2026-25992", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:17:41.722Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25992", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T19:16:10.562245Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:16:22.911Z"}}], "cna": {"title": "SiYuan has a File Read Interface Case Bypass Vulnerability", "source": {"advisory": "GHSA-f72r-2h5j-7639", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"status": "affected", "version": "< 3.5.5"}]}], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639", "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5", "name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:47:36.041Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25992", "state": "PUBLISHED", "dateUpdated": "2026-02-10T19:17:41.722Z", "dateReserved": "2026-02-09T17:41:55.858Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-10T17:47:36.041Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3F6A2E5-099B-4ED7-B1D4-CC2E4DFECF3D", "versionEndExcluding": "3.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. Antes de la versi\u00f3n 3.5.5, el endpoint /api/file/getFile utiliza comprobaciones de igualdad de cadenas que distinguen entre may\u00fasculas y min\u00fasculas para bloquear el acceso a archivos sensibles. En sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas, como Windows, los atacantes pueden eludir las restricciones utilizando rutas con may\u00fasculas y min\u00fasculas mezcladas y leer archivos de configuraci\u00f3n protegidos. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.5.5."}], "id": "CVE-2026-25992", "lastModified": "2026-02-23T17:58:09.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-10T18:16:38.807", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.5.5)"}}], "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-04-17T20:41:48.255460+00:00", "value": {"mitigation_remediation": ["Upgrade Siyuan to version 3.5.5 or later, which contains the fix for the file read bypass.", "If an upgrade is not immediately possible, restrict access to the /api/file/getFile endpoint to authenticated users only so that only authorized clients can request files.", "Move or delete sensitive configuration files from directories exposed through the API, and enforce strict file permissions to prevent unauthorized reading."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized File Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is Siyuan, a personal knowledge management system developed by siyuan-note. Versions prior to 3.5.5 contain the flaw. All installations on Windows or other case-insensitive file systems are at risk.", "description_and_impact": "The vulnerability in Siyuan's /api/file/getFile endpoint allows attackers to read protected configuration files by using mixed-case paths on case-insensitive file systems. The flaw arises from case-sensitive string equality checks that are ineffective on such systems. If exploited, an attacker can obtain sensitive data stored in configuration files, potentially compromising the system's confidentiality and integrity.", "risk_and_exploitability": "With a CVSS score of 7.5, the vulnerability carries a high severity. The EPSS score is less than 1%, indicating a low current exploitation probability. It is not listed in the CISA KEV catalog. Attackers can exploit the API by sending requests with mixed-case filenames on a case-insensitive file system to bypass the intended restrictions. This requires the ability to send HTTP requests to the target application, potentially through network exposure or local component interaction."}}}}, "created": "2026-02-12T11:19:47.014507+00:00", "updated": "2026-04-17T20:45:25.772027+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}