CVE-2026-25992
Published: 10 February 2026
Summary
CVE-2026-25992 is a high-severity Path Traversal (CWE-22) vulnerability in B3Log Siyuan. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in unauthenticated public API endpoint (/api/file/getFile) directly enables T1190 (exploiting the exposed web application) and T1552.001 (reading config files that contain credentials/API keys).
NVD Description
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read…
more
protected configuration files. This vulnerability is fixed in 3.5.5.
Deeper analysisAI
CVE-2026-25992 is a path traversal vulnerability (CWE-22) affecting SiYuan, an open-source personal knowledge management system, in versions prior to 3.5.5. The issue resides in the `/api/file/getFile` endpoint, which employs case-sensitive string equality checks to restrict access to sensitive files. On case-insensitive file systems like Windows, these checks can be bypassed by submitting requests with mixed-case paths, allowing unauthorized retrieval of protected configuration files.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is exploitable over the network with low complexity and no authentication or user interaction required. Remote attackers can send crafted requests to the endpoint, leveraging the case-insensitivity mismatch to traverse path restrictions and disclose sensitive configuration data, potentially exposing user credentials, API keys, or other confidential information stored in the targeted files.
Mitigation is available in SiYuan version 3.5.5, which addresses the bypass by fixing the file access checks. Security practitioners should upgrade to this version immediately, as detailed in the project's release notes at https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5 and the GitHub Security Advisory at https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639. No workarounds are specified beyond updating.
Details
- CWE(s)