CVE-2026-25992
published 2026-02-10

Priority: P3 48
Severity: high 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.51% (39.3th percentile)

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5.
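
The flaw described above, shown as an added example (not SiYuan's code): an exact-match denylist check beside one that folds case before comparing. The function names and the blocked path `conf/conf.json` are hypothetical, constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// blocked holds workspace-relative paths that must never be served.
// The entry is a constructed placeholder, not SiYuan's actual list.
var blocked = []string{"conf/conf.json"}

// normalize cleans a request path so "./", "//" and backslashes cannot
// disguise a blocked name before it is compared.
func normalize(p string) string {
	p = strings.ReplaceAll(p, `\`, "/")
	return strings.TrimPrefix(path.Clean("/"+p), "/")
}

// allowedCaseSensitive mirrors the flawed pattern: exact string equality.
// On a case-insensitive file system a differently cased name passes this
// check yet resolves to the same file.
func allowedCaseSensitive(p string) bool {
	p = normalize(p)
	for _, b := range blocked {
		if p == b {
			return false
		}
	}
	return true
}

// allowedCaseFolded compares with Unicode case folding, so every casing
// of a blocked name is rejected.
func allowedCaseFolded(p string) bool {
	p = normalize(p)
	for _, b := range blocked {
		if strings.EqualFold(p, b) {
			return false
		}
	}
	return true
}

func main() {
	for _, p := range []string{"conf/conf.json", "conf/Conf.JSON", "data/note.sy"} {
		fmt.Printf("%-16s case-sensitive=%v folded=%v\n", p, allowedCaseSensitive(p), allowedCaseFolded(p))
	}
}
```

A name-based denylist still depends on matching the file system's own folding rules; checking the resolved file's identity with `os.SameFile`, or serving only from an allowlist, avoids that dependency.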

Affected

3 ranges

Vendor       Product                    Version range                            Fixed in
b3log        siyuan                     < 3.5.5                                  3.5.5
github.com   siyuan-note_siyuan_kernel  0 – 0.0.0-20260126094835-d5d10dd41b0c    -
siyuan-note  siyuan                     < 3.5.5                                  3.5.5