Nixpkgs security tracker

Untriaged

Permalink CVE-2026-25539

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 2 weeks ago

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9 x_refsource_CONFIRMexploit
https://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd720feb x_refsource_MISC

Affected products

siyuan

==< 3.5.5

Matching in nixpkgs

pkgs.siyuan

Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync

nixos-unstable -
- nixpkgs-unstable 3.5.4-dev4
nixos-25.11 3.4.0

Package maintainers

@TomaSajt TomaSajt
@L-Trump Luo Chen <ltrump@163.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.siyuan

Package maintainers