CVE-2026-32110 Siyuan — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.3 (HIGH)
Fixed In	3.6.0
Type	CWE-918 (Server-Side Request Forgery (SSRF))
Vendor	Siyuan
Public PoC	No

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers.

There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-918 Server-Side Request Forgery (SSRF)

References 1

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31809

Siyuan

6.4

CVE-2026-31807

Siyuan

6.4

CVE-2026-30869

Siyuan

9.3

CVE-2026-30926

Siyuan

7.1

CVE-2026-29183

Siyuan

9.3

Menu

CVE-2026-32110

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31809

CVE-2026-31807

CVE-2026-30869

CVE-2026-30926

CVE-2026-29183

CVE Details

Editor's Choice

Menu

CVE-2026-32110

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31809

CVE-2026-31807

CVE-2026-30869

CVE-2026-30926

CVE-2026-29183

CVE Details

Editor's Choice

Stay informed on cybersecurity