CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-11 21:16

Updated : 2026-03-13 16:51

NVD link : CVE-2026-32110

Mitre link : CVE-2026-32110

CVE.ORG link : CVE-2026-32110

JSON object : View

Products Affected

b3log

siyuan

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-32110", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2026-03-11T21:16:17.087", "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. Antes de la 3.6.0, el endpoint /api/network/forwardProxy permite a usuarios autenticados realizar peticiones HTTP arbitrarias desde el servidor. El endpoint acepta una URL controlada por el usuario y realiza peticiones HTTP a ella, devolviendo el cuerpo completo de la respuesta y las cabeceras. No hay validaci\u00f3n de URL para prevenir peticiones a redes internas, localhost o servicios de metadatos en la nube. Esta vulnerabilidad est\u00e1 corregida en la 3.6.0."}], "lastModified": "2026-03-13T16:51:38.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C3834ED-F089-4DEF-A283-7F20DC4A7C56", "versionEndExcluding": "3.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}