{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T12:53:17.149","vulnerabilities":[{"cve":{"id":"CVE-2026-32749","sourceIdentifier":"security-advisories@github.com","published":"2026-03-19T21:17:10.910","lastModified":"2026-06-17T10:36:19.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. This can lead to aata destruction by overwriting workspace or application files, and for Docker containers running as root (common default), this grants full container compromise. This issue has been fixed in version 3.6.1."},{"lang":"es","value":"SiYuan es un sistema de gestión de conocimiento personal. En las versiones 3.6.0 e inferiores, POST /API/import/importSY y POST /API/import/importZipMd escriben archivos subidos a una ruta derivada del campo de nombre de archivo multipart sin sanitización, permitiendo a un administrador escribir archivos en ubicaciones arbitrarias fuera del directorio temporal, incluyendo rutas del sistema que permiten RCE. Esto puede llevar a la destrucción de datos al sobrescribir archivos de espacio de trabajo o de aplicación, y para contenedores Docker que se ejecutan como root (valor predeterminado común), esto otorga un compromiso total del contenedor. Este problema ha sido solucionado en la versión 3.6.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-20T20:17:53.262058Z","id":"CVE-2026-32749","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.1","matchCriteriaId":"E1AA6470-222A-4841-A487-DF65F9859780"}]}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/5ee00907f0b0c4aca748ce21ef1977bb98178e14","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-qvvf-q994-x79v","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}