CVE-2026-32110 is a Server-Side Request Forgery (SSRF) vulnerability identified in the SiYuan personal knowledge management system, specifically affecting versions prior to 3.6.0. The flaw resides in the /api/network/forwardProxy endpoint, which accepts a user-controlled URL parameter and makes HTTP requests on behalf of the server, returning the full response body and headers to the requester. Critically, the endpoint lacks any validation or filtering of the requested URLs, allowing authenticated users to direct requests to internal network addresses, localhost, or cloud provider metadata services (such as AWS, Azure, or GCP metadata endpoints). This can lead to unauthorized access to sensitive internal resources, leakage of confidential information, or further exploitation of internal services not exposed externally. The vulnerability requires the attacker to be authenticated, but no additional user interaction is necessary, making it relatively straightforward to exploit once access is obtained. The impact includes high confidentiality and integrity risks, as attackers can retrieve sensitive data or manipulate internal services, with a lower but present risk to availability. The vulnerability has been addressed in SiYuan version 3.6.0 by implementing proper URL validation and restrictions on the forwardProxy endpoint. No known exploits are currently reported in the wild, but the high CVSS score (8.3) indicates significant risk. Organizations using affected versions should prioritize patching and review access controls to the API endpoint.

The SSRF vulnerability in SiYuan can have severe consequences for organizations using affected versions. Attackers with valid credentials can exploit the forwardProxy endpoint to access internal network resources that are otherwise inaccessible externally, including sensitive databases, internal APIs, or cloud metadata services. Accessing cloud metadata services can allow attackers to retrieve credentials or tokens, potentially leading to full cloud account compromise. This undermines confidentiality by exposing sensitive data and can compromise integrity by enabling attackers to interact with internal services. Although availability impact is lower, attackers could leverage this access to conduct further attacks that disrupt services. The vulnerability's requirement for authentication limits exposure but does not eliminate risk, especially in environments with weak access controls or compromised user accounts. Organizations relying on SiYuan for knowledge management may face data breaches, lateral movement within networks, and cloud infrastructure compromise if this vulnerability is exploited.

To mitigate CVE-2026-32110, organizations should immediately upgrade SiYuan to version 3.6.0 or later, where the vulnerability is fixed by enforcing strict URL validation on the forwardProxy endpoint. Until upgrading is possible, restrict access to the /api/network/forwardProxy endpoint to trusted users only, ideally limiting it to administrative roles with strong authentication mechanisms such as multi-factor authentication (MFA). Network-level controls should be implemented to prevent the SiYuan server from making requests to internal IP ranges, localhost addresses, and cloud metadata IP addresses (e.g., 169.254.169.254). Monitoring and logging of API usage can help detect suspicious requests indicative of SSRF exploitation attempts. Additionally, review and harden cloud metadata service access policies to minimize the impact if accessed. Regularly audit user accounts and permissions to reduce the risk of credential compromise that could enable exploitation.