Skip to main content

Docker CVE-2026-33194

MEDIUM
Path Traversal (CWE-22)
2026-03-18 https://github.com/siyuan-note/siyuan GHSA-vm69-h85x-8p85
6.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 18, 2026 - 20:15 vuln.today
CVE Published
Mar 18, 2026 - 20:10 nvd
MEDIUM 6.8

DescriptionGitHub Advisory

Summary

The IsSensitivePath() function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt (application data), /usr (local configs/binaries), /home (other users), /mnt and /media (mounted volumes). The globalCopyFiles and importStdMd endpoints rely on IsSensitivePath as their primary defense against reading files outside the workspace.

Details

Current denylist in kernel/util/path.go:391-405:

go
prefixes := []string{
    "/.",       // dotfiles
    "/etc",     // system config
    "/root",    // root home
    "/var",     // variable data
    "/proc",    // process info
    "/sys",     // sysfs
    "/run",     // runtime data
    "/bin",     // binaries
    "/boot",    // boot files
    "/dev",     // devices
    "/lib",     // libraries
    "/srv",     // service data
    "/tmp",     // temp files
}

NOT blocked:

  • /opt - commonly contains application data, databases, credentials. In SiYuan Docker, /opt/siyuan/ contains the application itself.
  • /usr - contains /usr/local/etc, /usr/local/share, custom configs
  • /home - other users' home directories (only ~/.ssh and ~/.config of the current HomeDir are blocked via separate checks, but other users' homes are accessible)
  • /mnt, /media - mounted volumes, network shares, often containing secrets
  • /snap - snap package data
  • /sbin, /lib64 - system binaries/libraries

The globalCopyFiles endpoint at kernel/api/file.go:82 uses IsSensitivePath as its sole path validation:

go
if util.IsSensitivePath(absSrc) {
    // reject
    continue
}
// File is copied into workspace - then readable via /api/file/getFile

PoC

bash
# Read SiYuan's own application files from /opt (Docker deployment)
curl -s 'http://127.0.0.1:6806/api/file/globalCopyFiles' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"srcs":["/opt/siyuan/kernel/SiYuan-Kernel"],"destDir":"data/assets"}'
# Then read the copied file from workspace
curl -s 'http://127.0.0.1:6806/api/file/getFile' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"path":"data/assets/SiYuan-Kernel"}'
# Read files from mounted volumes
curl -s 'http://127.0.0.1:6806/api/file/globalCopyFiles' \
  -H 'Authorization: Token YOUR_API_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"srcs":["/mnt/secrets/credentials.json"],"destDir":"data/assets"}'

Impact

  • Read arbitrary files from /opt, /usr, /home, /mnt, /media and any other non-denylisted path
  • In Docker deployments: read application source code, configs, mounted secrets
  • The denylist approach is fundamentally flawed - any newly added filesystem path is accessible until explicitly blocked

Recommended Fix

Switch from a denylist to an allowlist approach. Only permit copying from the workspace directory and explicitly approved external paths:

go
func IsSensitivePath(p string) bool {
    absPath := filepath.Clean(p)

    // Allowlist: only workspace and configured safe directories
    if strings.HasPrefix(absPath, WorkspaceDir) {
        // Block workspace-internal sensitive paths (conf/)
        if strings.HasPrefix(absPath, filepath.Join(WorkspaceDir, "conf")) {
            return true
        }
        return false
    }

    // Everything outside workspace is sensitive by default
    return true
}

AnalysisAI

Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.

Technical ContextAI

SiYuan is a Go-based note-taking application (identified via CPE pkg:go/github.com_siyuan-note_siyuan_kernel) that implements a file management API with endpoints at kernel/api/file.go for handling file operations. The root cause (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) stems from the IsSensitivePath() function in kernel/util/path.go which employs a denylist-based validation strategy at lines 391-405. This function is designed to prevent path traversal attacks by blocking known-sensitive directories (/etc, /root, /var, /proc, /sys, /run, /bin, /boot, /dev, /lib, /srv, /tmp, and dotfiles), but the allowlist approach was rejected in favor of blocking only explicitly-known sensitive paths. The globalCopyFiles endpoint at kernel/api/file.go:82 and importStdMd endpoint rely solely on this incomplete denylist as their primary defense mechanism, with no additional validation layers; when validation passes, files are copied into the workspace directory and subsequently readable via the getFile API endpoint, enabling information disclosure.

RemediationAI

Apply the patch released by the SiYuan project, which should implement an allowlist-based approach restricting file access to the workspace directory and explicitly approved external paths rather than the current denylist strategy (see https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85 for exact version to upgrade to and patch details). As an interim mitigation for systems that cannot immediately patch, restrict API token issuance to minimal necessary users, implement network-level access controls limiting exposure of the SiYuan API port (default 6806) to trusted networks only, and in Docker deployments, avoid mounting sensitive directories to /mnt or /media unless absolutely necessary. Additionally, deploy host-based file access auditing on the SiYuan process to detect anomalous file reads from sensitive paths, and consider running SiYuan in a restricted container with read-only mounts where feasible.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33194 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy