CVE-2026-23851 is a path traversal vulnerability classified under CWE-22 affecting SiYuan Note, a personal knowledge management system. The flaw exists in versions prior to 3.5.4 within the /api/file/globalCopyFiles endpoint, where the function globalCopyFiles accepts a JSON array of source file paths (srcs) to copy files into the application's workspace. The vulnerability stems from insufficient validation of these source paths: the code verifies only the existence of the source files using filelock.IsExist(src) but fails to ensure that these paths are confined within the authorized workspace directory. Consequently, an authenticated user can specify arbitrary absolute or relative paths to files anywhere on the server's filesystem, enabling unauthorized copying of sensitive files into the workspace. This can lead to exposure of confidential information or further exploitation if sensitive configuration or credential files are accessed. The vulnerability does not require user interaction and can be exploited remotely over the network, but it does require the attacker to have authenticated access to the application. The CVSS 4.0 score is 8.3 (high), reflecting the network attack vector, low attack complexity, no privileges required beyond authentication, no user interaction, and high impact on confidentiality. The issue was addressed in SiYuan Note version 3.5.4 by implementing proper path validation to restrict source files to the workspace directory. No known exploits are reported in the wild yet, but the vulnerability poses a significant risk to affected deployments.

For European organizations using SiYuan Note versions prior to 3.5.4, this vulnerability can lead to unauthorized disclosure of sensitive files stored on the server hosting the application. This could include configuration files, credentials, or other confidential data, potentially resulting in data breaches and compliance violations under regulations such as GDPR. The ability to copy arbitrary files into the workspace might also facilitate further attacks, such as privilege escalation or lateral movement within the network. Since the vulnerability requires authentication, insider threats or compromised accounts pose a particular risk. The impact on confidentiality is high, while integrity and availability impacts are limited but possible if critical files are manipulated. Organizations relying on SiYuan Note for knowledge management, especially those handling sensitive or regulated data, face increased risk of data exposure and operational disruption.

European organizations should immediately upgrade SiYuan Note to version 3.5.4 or later to apply the official patch that enforces proper path validation. Until the upgrade is possible, restrict access to the /api/file/globalCopyFiles endpoint by implementing strict access controls, such as IP whitelisting, network segmentation, or application-layer firewalls. Enforce strong authentication mechanisms and monitor authenticated user activities for suspicious file copy requests. Conduct regular audits of server file permissions to minimize exposure of sensitive files. Additionally, implement logging and alerting on file copy operations within the application to detect potential exploitation attempts. Educate users about the risks of compromised credentials and enforce least privilege principles to limit the impact of any account compromise. Finally, consider isolating the SiYuan Note server from critical systems to reduce potential lateral movement.