CVE-2026-25992 - SiYuan has a File Read Interface Case Bypass Vulnerability

CVE ID : CVE-2026-25992 Published : Feb. 10, 2026, 6:16 p.m. | 39 minutes ago Description : SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...