CVE-2026-25992
Published: 10 February 2026
Summary
CVE-2026-25992 is a high-severity Path Traversal (CWE-22) vulnerability in B3Log Siyuan. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-25992 is a path traversal vulnerability (CWE-22) affecting SiYuan, an open-source personal knowledge management system, in versions prior to 3.5.5. The issue resides in the `/api/file/getFile` endpoint, which employs case-sensitive string equality checks to restrict access to sensitive files. On case-insensitive file systems like Windows, these checks can be bypassed by submitting requests with mixed-case paths, allowing unauthorized retrieval of protected configuration files.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is exploitable over the network with low complexity and no authentication or user interaction required. Remote attackers can send crafted requests to the endpoint, leveraging the case-insensitivity mismatch to traverse path restrictions and disclose sensitive configuration data, potentially exposing user credentials, API keys, or other confidential information stored in the targeted files.
Mitigation is available in SiYuan version 3.5.5, which addresses the bypass by fixing the file access checks. Security practitioners should upgrade to this version immediately, as detailed in the project's release notes at https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5 and the GitHub Security Advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639. No workarounds are specified beyond updating.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6758
Vulnerability details
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read…
more
protected configuration files. This vulnerability is fixed in 3.5.5.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in unauthenticated public API endpoint (/api/file/getFile) directly enables T1190 (exploiting the exposed web application) and T1552.001 (reading config files that contain credentials/API keys).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations for access to sensitive files, directly addressing the bypass of case-sensitive checks on case-insensitive file systems.
Validates file path inputs to the /api/file/getFile endpoint, preventing path traversal exploits including mixed-case bypasses.
Requires timely identification and correction of flaws like improper case-sensitive path restrictions, as fixed in SiYuan 3.5.5.