Security Advisory

CVE-2026-25992

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-10 17:47:36

Last updated 2026-02-10 19:17:41

Assigner GitHub_M

State PUBLISHED

Description

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5.

← Browse all CVEs View on cve.org ↗