CVE-2026-32110 - Vulnerability Analysis
HighCVSS: 8.3Last Updated: March 13, 2026
SiYuan - Server Side Request Forgery
Overview
SiYuan < 3.6.0 contains a server-side request forgery caused by lack of URL validation in /api/network/forwardProxy endpoint, letting authenticated users make arbitrary HTTP requests from the server, exploit requires user authentication.
Severity & Score
Impact
Authenticated users can make arbitrary HTTP requests from the server, potentially accessing internal services or sensitive metadata.
Mitigation
Update to version 3.6.0 or later.
Social Media Activity(2 posts)
š CVE-2026-32110 - High (8.3) SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests... š https://www.thehackerwire.com/vulnerability/CVE-2026-32110/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32110 - High (8.3) SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests... š https://www.thehackerwire.com/vulnerability/CVE-2026-32110/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32110
- Severity
- High
- CVSS Score
- 8.3
- Type
- server_side_request_forgery
- Status
- confirmed
- EPSS
- 3.8%
- Social Posts
- 2
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L