Nixpkgs security tracker
NIXPKGS-2026-0105
GitHub issue
published on
Permalink
CVE-2026-25539
9.1 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5.
References
-
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9 x_refsource_CONFIRMexploit
Affected products
siyuan
- ==< 3.5.5
Matching in nixpkgs
pkgs.siyuan
Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync
-
nixos-unstable 3.5.4-dev4
- nixpkgs-unstable 3.5.4-dev4
- nixos-unstable-small 3.5.4
-
nixos-25.11 3.5.4
- nixos-25.11-small 3.5.4
- nixpkgs-25.11-darwin 3.5.4-dev4
Package maintainers
-
@TomaSajt TomaSajt
-
@L-Trump Luo Chen <ltrump@163.com>