Nixpkgs security tracker
NIXPKGS-2026-0699
GitHub issue
published on
Permalink
CVE-2026-32749
7.6 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. This can lead to aata destruction by overwriting workspace or application files, and for Docker containers running as root (common default), this grants full container compromise. This issue has been fixed in version 3.6.1.
References
-
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-qvvf-q994-x79v x_refsource_CONFIRM
-
https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1 x_refsource_MISC
Affected products
siyuan
- ==< 3.6.1
Matching in nixpkgs
Package maintainers
-
@TomaSajt TomaSajt
-
@L-Trump Luo Chen <ltrump@163.com>