{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T15:35:29.694","vulnerabilities":[{"cve":{"id":"CVE-2026-32110","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T21:16:17.087","lastModified":"2026-03-13T16:51:38.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0."},{"lang":"es","value":"SiYuan es un sistema de gestión de conocimiento personal. Antes de la 3.6.0, el endpoint /api/network/forwardProxy permite a usuarios autenticados realizar peticiones HTTP arbitrarias desde el servidor. El endpoint acepta una URL controlada por el usuario y realiza peticiones HTTP a ella, devolviendo el cuerpo completo de la respuesta y las cabeceras. No hay validación de URL para prevenir peticiones a redes internas, localhost o servicios de metadatos en la nube. Esta vulnerabilidad está corregida en la 3.6.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.0","matchCriteriaId":"8C3834ED-F089-4DEF-A283-7F20DC4A7C56"}]}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}