CVE-2026-32110
Published: 11 March 2026
Summary
CVE-2026-32110 is a high-severity SSRF (CWE-918) vulnerability in B3Log Siyuan. Its CVSS base score is 8.3 (High).
Exploitation maps to the MITRE ATT&CK technique Data from Local System (T1005). The CVE sits at the 19.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-32110 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting SiYuan, an open-source personal knowledge management system. In versions prior to 3.6.0, the `/api/network/forwardProxy` endpoint enables authenticated users to initiate arbitrary HTTP requests from the SiYuan server itself. The endpoint accepts a user-supplied URL without any validation, allowing requests to internal networks, localhost, or cloud metadata services, and returns the full response body and headers to the user.
An attacker with authenticated access to a SiYuan instance (requiring low privileges, PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high confidentiality (C:H) and integrity (I:H) impacts, with low availability impact (A:L), yielding a CVSS v3.1 base score of 8.3. Attackers can leverage the server-side requests to access and exfiltrate data from internal services, local resources, or sensitive cloud endpoints like instance metadata, potentially enabling lateral movement or privilege escalation within the victim's infrastructure.
The official GitHub Security Advisory (GHSA-56cv-c5p2-j2wg) confirms the issue and states that it is fully resolved in SiYuan version 3.6.0, recommending immediate upgrades to mitigate the vulnerability. No additional workarounds are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-11381
Vulnerability details
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Any authenticated user can reach the endpoint over the network, so the SSRF directly enables Exploit Public-Facing Application (T1190). Because the full response body and headers of requests to localhost and internal URLs are returned to the caller, it serves Data from Local System (T1005), Data from Information Repositories (T1213) and Network Service Discovery (T1046); because cloud metadata services are explicitly reachable, it also serves Cloud Instance Metadata API (T1522, since folded into T1552.005).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses the lack of URL validation in the forwardProxy endpoint by requiring checks on user-supplied inputs to block SSRF requests to internal networks, localhost, or metadata services.
- SC-7 (Boundary Protection): enforces network-level restrictions to prevent the server from making unauthorized outbound requests to internal resources or sensitive endpoints during SSRF exploitation.
- Flaw remediation: mandates timely identification, reporting, and remediation of the SSRF flaw, including patching to SiYuan version 3.6.0 to eliminate the vulnerable endpoint behavior.
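The validation the advisory says is missing, written out as an added example that is not SiYuan's code and does not reproduce the fix in 3.6.0: it shows what the SI-10 control above means for a forwardProxy-style endpoint, in Go (the language of SiYuan's kernel). The names vetTarget, vetHost, safeDialer and newProxyClient, and the list of blocked ranges, are this example's own assumptions. The pre-flight check allowlists the scheme, resolves the host and rejects any address in a loopback, private, link-local (which holds the 169.254.169.254 metadata address) or other non-public range; the custom dialer repeats that check at connect time and dials the exact address it checked, so DNS rebinding and redirects cannot route around the pre-flight.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"time"
)

// Resolver abstracts DNS so the checks run offline; production passes net.DefaultResolver.LookupIP (see main).
type Resolver func(ctx context.Context, host string) ([]net.IP, error)

// blockedNets (assumed starting point, extend with your own ranges): unspecified, loopback, RFC 1918,
// CGNAT, link-local (which holds 169.254.169.254), multicast, reserved, and the IPv6 equivalents.
var blockedNets = func() (out []netip.Prefix) {
	for _, c := range []string{"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
		"169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
		"::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8"} {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}()

// isBlocked reports whether ip falls in any blocked range.
func isBlocked(ip net.IP) bool {
	a, ok := netip.AddrFromSlice(ip) // ok=false (bad length) fails closed below
	for _, p := range blockedNets {
		if !ok || p.Contains(a.Unmap()) { // Unmap: ::ffff:127.0.0.1 -> 127.0.0.1, or Contains misses it
			return true
		}
	}
	return false
}

// vetHost returns the addresses host maps to, failing if ANY is blocked (one public + one internal record must not pass).
func vetHost(ctx context.Context, host string, resolve Resolver) ([]net.IP, error) {
	ips, err := []net.IP{net.ParseIP(host)}, error(nil)
	if ips[0] == nil { // not a literal address: ask DNS
		ips, err = resolve(ctx, host)
	}
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("%s: unresolvable (%v)", host, err)
	}
	for _, ip := range ips {
		if isBlocked(ip) {
			return nil, fmt.Errorf("%s maps to blocked address %s", host, ip)
		}
	}
	return ips, nil
}

// vetTarget is the pre-flight check on the user-supplied URL, so the handler can reject cleanly before any request.
func vetTarget(ctx context.Context, raw string, resolve Resolver) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return nil, fmt.Errorf("unsupported target %q: need a parseable http(s) URL with a host", raw)
	}
	if _, err := vetHost(ctx, u.Hostname(), resolve); err != nil {
		return nil, err
	}
	return u, nil
}

// safeDialer repeats the check at connect time and dials the exact address it checked. The pre-flight alone
// is not enough: a name can be re-pointed at 127.0.0.1 between check and connect (DNS rebinding), and a
// redirect brings in a host the pre-flight never saw; every hop, redirects included, is dialed through here.
func safeDialer(resolve Resolver) func(ctx context.Context, network, addr string) (net.Conn, error) {
	d := &net.Dialer{Timeout: 5 * time.Second}
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		ips, err := vetHost(ctx, host, resolve)
		if err != nil {
			return nil, err
		}
		return d.DialContext(ctx, network, net.JoinHostPort(ips[0].String(), port))
	}
}

// newProxyClient is what a forwardProxy-style handler should use instead of http.DefaultClient.
// Transport.Proxy is deliberately left nil: an environment proxy would bypass the dialer.
func newProxyClient(resolve Resolver) *http.Client {
	return &http.Client{Timeout: 15 * time.Second, Transport: &http.Transport{DialContext: safeDialer(resolve)}}
}

func main() {
	dns := func(ctx context.Context, h string) ([]net.IP, error) { return net.DefaultResolver.LookupIP(ctx, "ip", h) }
	for _, raw := range []string{"http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]:6806/", "file:///etc/passwd"} {
		_, err := vetTarget(context.Background(), raw, dns)
		fmt.Printf("%-45s -> %v\n", raw, err)
	}
}
```

Two points of design worth noting. The check runs against every address a name resolves to, not just the first, since a name with one public and one internal record would otherwise pass, and the dialer keeps the vetted address rather than letting the transport resolve the name a second time. The range list is still only an application-level control: it cannot know about internal services on public address space, which is why SC-7 egress filtering at the host or VPC layer remains necessary alongside it; hosted platforms' IPv6 metadata endpoints (for example AWS's fd00:ec2::254) fall under fc00::/7 in the list above.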