From f8f4b517077b92c90c0d7b51ac11be1b34b273ad Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Sun, 18 Jan 2026 17:25:21 +0800
Subject: [PATCH] :lock: Arbitrary file reading vulnerability
 https://github.com/siyuan-note/siyuan/issues/16860

Signed-off-by: Daniel <845765@qq.com>
---
 kernel/util/path.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/util/path.go b/kernel/util/path.go
index 2b5a81957..6fae2db3a 100644
--- a/kernel/util/path.go
+++ b/kernel/util/path.go
@@ -416,6 +416,7 @@ func IsSensitivePath(p string) bool {
 		"passwd":          {},
 		"shadow":          {},
 		"pgpass":          {},
+		"hosts":           {},
 		"credentials":     {}, // 如 aws credentials
 		"config.json":     {}, // docker config.json 可能含 token
 	}