Information Exposure in SiYuan Personal Knowledge Management System
CVE-2026-33669

9.8CRITICAL

Key Information:

Vendor: Siyuan-note
Status: Siyuan
Vendor: CVE Published:; 26 March 2026

🔔 Create Siyuan-note Vulnerability Alert

What is CVE-2026-33669?

The SiYuan Personal Knowledge Management System allows unauthorized access to document IDs via the /api/file/readDir interface. Subsequently, users can access and view the content of all documents through the /api/block/getChildBlocks interface. This issue, addressed in version 3.6.2, emphasizes the importance of updating to safeguard sensitive document information from potential exposure.

Affected Version(s)

siyuan < 3.6.2

References

https://github.com/siyuan-note/siyuan/security/advisories...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33669 Data

JSON