الثغرات ›

CVE-2026-23850

مرتفع ⚡ اختراق متاح

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4

CWE-22 — نوع الضعف

                    نُشر: Jan 19, 2026                      ·  آخر تحديث: Feb 28, 2026                      ·  المصدر: NVD                

CVSS v3

7.5

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.

🤖

في طابور التحليل الذكي

سيتم تحليل هذا CVE تلقائياً في المهام المجدولة.

🔗 المراجع والمصادر 6

🔗

https://github.com/siyuan-note/siyuan/blob/master/kernel/model/file.go#L1035

security-advisories@github.com

Product

🔗

https://github.com/siyuan-note/siyuan/blob/v3.4.2/kernel/api/filetree.go#L799-L886

security-advisories@github.com

Product

🔗

https://github.com/siyuan-note/siyuan/commit/b2274baba2e11c8cf8901b0c5c871e5b27f1f6dd

security-advisories@github.com

Patch

🔗

https://github.com/siyuan-note/siyuan/commit/f8f4b517077b92c90c0d7b51ac11be1b34b273ad

security-advisories@github.com

Patch

🔗

https://github.com/siyuan-note/siyuan/issues/16860

security-advisories@github.com

Issue Tracking Patch

🔗

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-cv54-7wv7-qxcw

security-advisories@github.com

Exploit Patch Vendor Advisory

📦 المنتجات المتأثرة 1 منتج

b3log:siyuan

📊 CVSS Score

7.5

/ 10.0 — مرتفع

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 حقائق سريعة

الخطورة مرتفع

CVSS Score7.5

CWECWE-22

EPSS0.06%

اختراق متاح ✓ نعم

تصحيح متاح ✓ نعم

تاريخ النشر 2026-01-19

المصدر nvd

المشاهدات 4

🏷️ الوسوم

exploit-available patch-available CWE-22

🏢 توجيهات البائع

🔗 https://github.com/siyuan-note/siyuan/security/advis...

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-23850

في طابور التحليل الذكي

عرّفنا بنفسك

تسجيل الدخول مطلوب