<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Siyuan Kernel (Versions Prior to 0.0.0-20260628153353-2d5d72223df4) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/siyuan-kernel-versions-prior-to-0.0.0-20260628153353-2d5d72223df4/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 10 Jul 2026 19:30:43 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/siyuan-kernel-versions-prior-to-0.0.0-20260628153353-2d5d72223df4/feed.xml" rel="self" type="application/rss+xml"/><item><title>SiYuan Path Traversal Vulnerability (CVE-2026-54066) via Double URL Encoding</title><link>https://feed.craftedsignal.io/briefs/2026-07-siyuan-path-traversal/</link><pubDate>Fri, 10 Jul 2026 19:30:43 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-siyuan-path-traversal/</guid><description>An incomplete fix for CVE-2026-41894 in SiYuan's 'publish mode' allows unauthenticated remote attackers to perform path traversal by double URL-encoding '..' segments in requests to the '/assets/*path' route, leading to the read of arbitrary files within the 'WorkspaceDir'.</description><content:encoded><![CDATA[<p>A critical path traversal vulnerability, tracked as CVE-2026-54066, affects the SiYuan note-taking application in its &quot;publish mode&quot; (anonymous read-only HTTP endpoint, typically port 6808). This flaw is a bypass of the previously incomplete fix for CVE-2026-41894. Unauthenticated remote attackers can exploit this by sending specially crafted HTTP GET requests containing double URL-encoded <code>..</code> segments to the <code>/assets/*path</code> route. This technique allows them to read arbitrary files from the <code>WorkspaceDir</code> outside the intended <code>DataDir</code> subtree, including sensitive files like <code>conf/conf.json</code> (containing API tokens and sync keys) and <code>temp/*.db</code> (full notebook content). The vulnerability stems from a second <code>url.PathUnescape</code> operation in a fallback function, coupled with an overly permissive access gate and the non-application of a sensitive path denylist to the <code>/assets/</code> route. The vulnerability has been verified against SiYuan v3.6.5 and affects versions prior to <code>0.0.0-20260628153353-2d5d72223df4</code>.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated remote attacker sends an HTTP GET request to the SiYuan instance's &quot;publish mode&quot; server (default port 6808), targeting the <code>/assets/*path</code> endpoint.</li>
<li>The request URL's <code>cs-uri-stem</code> contains double URL-encoded path traversal sequences, such as <code>/assets/%252e%252e/%252e%252e/target/file</code>.</li>
<li>The Gin router performs the initial URL decoding, receiving <code>context.Param(&quot;path&quot;)</code> with single URL-encoded segments (e.g., <code>/%2e%2e/%2e%2e/target/file</code>).</li>
<li>The <code>GetAssetAbsPath</code> function, within its fallback mechanism (<code>kernel/model/assets.go:548</code>), performs a second <code>url.PathUnescape</code> on the path.</li>
<li>This second decode converts the single URL-encoded <code>..</code> (<code>%2e%2e</code>) into literal <code>..</code> segments, which <code>filepath.Join</code> then processes to resolve a path outside the <code>DataDir</code> but still within the <code>WorkspaceDir</code>.</li>
<li>The <code>CheckAbsPathAccessableByPublishAccess</code> function evaluates the resolved absolute path. Since the path is outside <code>DataDir</code> (e.g., <code>WorkspaceDir/conf/conf.json</code>), it incorrectly returns <code>true</code>, bypassing further granular access checks.</li>
<li>Crucially, the <code>IsSensitivePath()</code> denylist, which is applied to the patched <code>/export/</code> route, is not called or enforced for the <code>/assets/*path</code> handler.</li>
<li>The <code>http.ServeFile</code> function then proceeds to serve the arbitrarily specified file from the <code>WorkspaceDir</code>, such as <code>conf/conf.json</code> or <code>temp/siyuan.db</code>, to the attacker.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation allows an unauthenticated attacker to read any file within the SiYuan <code>WorkspaceDir</code>. This includes highly sensitive information such as: <code>conf/conf.json</code>, which contains the <code>accessAuthCode</code> SHA256 hash (vulnerable to offline cracking), API tokens, and S3/WebDAV sync credentials. Attackers can also access <code>temp/siyuan.db</code>, <code>temp/blocktree.db</code>, and <code>temp/asset_content.db</code>, which are SQLite databases containing the entire content of all notebooks. Additionally, <code>siyuan.log</code> can be exfiltrated, revealing internal paths and system information. Compromise of the <code>accessAuthCode</code> or API token provides full authenticated access to the kernel API, enabling complete read and write capabilities for all notebooks, and potentially escalating to further compromise if sync credentials are used elsewhere.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch SiYuan immediately to a version equal to or later than <code>0.0.0-20260628153353-2d5d72223df4</code> to remediate CVE-2026-54066.</li>
<li>Deploy the <code>Detect CVE-2026-54066 Exploitation - SiYuan Double URL-Encoded Path Traversal</code> Sigma rule to your SIEM to identify attempts to exploit this vulnerability.</li>
<li>Implement Web Application Firewall (WAF) rules to block HTTP GET requests containing the <code>%252e%252e</code> string in the URL path, specifically targeting <code>/assets/</code> endpoints, as identified in the IOC.</li>
<li>Disable SiYuan's &quot;publish mode&quot; (anonymous read-only HTTP endpoint) if it is not explicitly required for your operational needs, reducing the attack surface.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>path-traversal</category><category>vulnerability</category><category>web-vulnerability</category><category>arbitrary-file-read</category></item></channel></rss>