NIXPKGS-2026-0105
GitHub issue
published on
Permalink
CVE-2026-25539
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5.
References
-
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9 x_refsource_CONFIRM
-
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9 x_refsource_CONFIRM
Affected products
siyuan
- ==< 3.5.5
Matching in nixpkgs
pkgs.siyuan
Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync
-
nixos-unstable 3.5.4-dev4
- nixpkgs-unstable 3.5.4-dev4
- nixos-unstable-small 3.5.4
-
nixos-25.11 3.5.4
- nixos-25.11-small 3.5.4
- nixpkgs-25.11-darwin 3.5.4-dev4
Package maintainers
-
@TomaSajt TomaSajt
-
@L-Trump Luo Chen <ltrump@163.com>