CVE-2026-32815
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unauthenticated connections when specific URL parameters are provided (?app=siyuan&id=auth&type=auth). This bypass, intended for the login page to keep the kernel alive, allows any external client - including malicious websites via cross-origin WebSocket - to connect and receive all server push events in real-time. These events leak sensitive document metadata including document titles, notebook names, file paths, and all CRUD operations performed by authenticated users. Combined with the absence of Origin header validation, a malicious website can silently connect to a victim's local SiYuan instance and monitor their note-taking activity. This issue has been fixed in version 3.6.1.
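As an added illustration (not SiYuan's code and not the fix shipped in 3.6.1), the following Go upgrade gate for a /ws endpoint applies the two controls the description says were missing: the auth-only query parameters never substitute for a valid session, and a browser-supplied Origin must match the instance's own origin. The selfOrigin value, the port, and the helper names are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// wsPolicy gates WebSocket upgrades on /ws (assumed design, not SiYuan's code).
type wsPolicy struct {
	selfOrigin string // origin the instance serves on, e.g. "http://127.0.0.1:6806" (assumed port)
}

// allowUpgrade returns nil when the upgrade may proceed, otherwise the refusal reason.
// sessionValid is whatever the application's normal session check returned;
// query parameters such as ?app=siyuan&id=auth&type=auth are deliberately ignored.
func (p wsPolicy) allowUpgrade(r *http.Request, sessionValid bool) error {
	if !sessionValid {
		return fmt.Errorf("unauthenticated upgrade refused (query %q grants nothing)", r.URL.RawQuery)
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		// No Origin header: a non-browser client, already gated by the session check.
		return nil
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme+"://"+u.Host != p.selfOrigin {
		// Rejects cross-site pages and the literal "null" origin alike.
		return fmt.Errorf("cross-origin upgrade from %q refused", origin)
	}
	return nil
}

// newWSRequest builds a GET upgrade request for rawURL with the given Origin ("" omits it).
func newWSRequest(rawURL, origin string) *http.Request {
	r, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		panic(err)
	}
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	p := wsPolicy{selfOrigin: "http://127.0.0.1:6806"}
	bypass := "http://127.0.0.1:6806/ws?app=siyuan&id=auth&type=auth" // constructed sample URL
	fmt.Println(p.allowUpgrade(newWSRequest(bypass, "https://attacker.example"), false)) // refused: no session
	fmt.Println(p.allowUpgrade(newWSRequest(bypass, "https://attacker.example"), true))  // refused: cross-origin
	fmt.Println(p.allowUpgrade(newWSRequest(bypass, "http://127.0.0.1:6806"), true))     // <nil>: allowed
}
```

If the instance is also reached as http://localhost:6806, allow-list every origin form it legitimately serves on rather than relaxing the comparison.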
Analysis
SiYuan knowledge management system versions 3.6.0 and below allow unauthenticated WebSocket connections to the /ws endpoint via specific URL parameters, enabling attackers to bypass authentication and receive real-time server push events. An attacker can exploit this by connecting from a malicious website to monitor a victim's local SiYuan instance and exfiltrate sensitive metadata including document titles, notebook names, file paths, and user activity without the victim's knowledge. …
Remediation
Within 7 days: Identify all affected systems and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.
External POC / Exploit Code
GHSA-xp2m-98x8-rpj6