{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32110", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:02:38.855Z", "datePublished": "2026-03-11T20:38:08.708Z", "dateUpdated": "2026-03-12T14:01:27.532Z"}, "containers": {"cna": {"title": "SiYuan has a Full-Read SSRF via /api/network/forwardProxy", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:38:08.708Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0."}], "source": {"advisory": "GHSA-56cv-c5p2-j2wg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:00:57.301937Z", "id": "CVE-2026-32110", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:01:27.532Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32110", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T14:00:57.301937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:01:22.842Z"}}], "cna": {"title": "SiYuan has a Full-Read SSRF via /api/network/forwardProxy", "source": {"advisory": "GHSA-56cv-c5p2-j2wg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"status": "affected", "version": "< 3.6.0"}]}], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg", "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:38:08.708Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32110", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:01:27.532Z", "dateReserved": "2026-03-10T22:02:38.855Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T20:38:08.708Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C3834ED-F089-4DEF-A283-7F20DC4A7C56", "versionEndExcluding": "3.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. Antes de la 3.6.0, el endpoint /api/network/forwardProxy permite a usuarios autenticados realizar peticiones HTTP arbitrarias desde el servidor. El endpoint acepta una URL controlada por el usuario y realiza peticiones HTTP a ella, devolviendo el cuerpo completo de la respuesta y las cabeceras. No hay validaci\u00f3n de URL para prevenir peticiones a redes internas, localhost o servicios de metadatos en la nube. Esta vulnerabilidad est\u00e1 corregida en la 3.6.0."}], "id": "CVE-2026-32110", "lastModified": "2026-03-13T16:51:38.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T21:16:17.087", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.0)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-17T16:23:21.993032+00:00", "value": {"mitigation_remediation": ["Upgrade to SiYuan version 3.6.0 or later, which fixes the lack of URL validation in the forwardProxy endpoint."], "summary": {"action": "Patch", "impact": "Full-Read Server\u2011Side Request Forgery (SSRF)"}, "threat_synthesis": {"affected_systems": "Affected products include SiYuan, a personal knowledge management system. All releases prior to version 3.6.0 are vulnerable; versions 3.6.0 and later incorporate a fix that validates the target URL and restricts outbound access.", "description_and_impact": "The vulnerability resides in SiYuan\u2019s /api/network/forwardProxy endpoint, which accepts a user\u2011controlled URL and forwards arbitrary HTTP requests from the server. Because the endpoint performs no validation, authenticated users can instruct the server to reach any address, including internal networks, localhost, or cloud metadata services, and retrieve the complete response body and headers. This enables the attacker to read sensitive internal resources or metadata, potentially exfiltrating confidential data or compromising internal systems. The weakness is categorized as CWE\u2011918 \u2013 Server\u2011Side Request Forgery.", "risk_and_exploitability": "The issue carries a CVSS score of 8.3 (High) and an EPSS probability of less than 1\u202f%, indicating a lower likelihood of arbitrary exploitation but a severe impact if exploited. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector requires an authenticated user; thus, compromised credentials or social\u2011engineering to gain access to the application are prerequisites. Once authenticated, an attacker can direct the server to access arbitrary endpoints, creating a potential data breach or further internal compromise."}}}}, "created": "2026-03-12T09:55:59.861675+00:00", "updated": "2026-03-20T15:37:07.276672+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}