Количество 2
Количество 2
CVE-2026-25539
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5.
GHSA-c4jr-5q7w-f6r9
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25539 SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5. | CVSS3: 9.1 | 0% Низкий | 4 дня назад |
| GHSA-c4jr-5q7w-f6r9 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE | CVSS3: 9.1 | 0% Низкий | 10 дней назад |
Уязвимостей на страницу