CRITICAL🇵🇱 Wersja polska

CVE-2026-33669

CVSS 9.8v3.1pub. 2026-03-26upd. 2026-03-30

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue.

🤖 AI Analysis
How it works

The attacker first sends a request to the /api/file/readDir API endpoint, which returns identifiers of documents stored in the application. Next, using the obtained identifiers, the attacker calls the /api/block/getChildBlocks endpoint, which allows reading the contents of all documents. Both endpoints are accessible without authentication from the network (AV:N, PR:N, UI:N), which classifies the vulnerability as CWE-125 (out-of-bounds read / unauthorized data read).

Impact

An unauthorized attacker can gain full access to the contents of all documents stored in the SiYuan system, resulting in a breach of user data confidentiality and integrity.

Mitigation & patch

SiYuan must be updated to version 3.6.2 or later, which contains a patch eliminating the described vulnerability. Details are available in the vendor's security advisory on GitHub.

Who is affected

B3Log SiYuan in versions prior to 3.6.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • B3log Siyuan

    APP
    B3Log
    < 3.6.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-40322CRITICAL9.0PL ✓ten sam produkt

B3Log SiYuan: XSS w diagramach Mermaid eskaluje do RCE w Electron

CVE-2026-39846CRITICAL9.0PL ✓ten sam produkt

RCE przez stored XSS w kliencie desktopowym B3Log SiYuan

CVE-2026-34449CRITICAL9.6PL ✓ten sam produkt

RCE w SiYuan poprzez nadmiernie permisywną politykę CORS

CVE-2026-34448CRITICAL9.0PL ✓ten sam produkt

Stored XSS → RCE w B3Log SiYuan via złośliwy URL w Attribute View

CVE-2026-33670CRITICAL9.8PL ✓ten sam produkt

Path Traversal w B3Log SiYuan — nieautoryzowane odczytywanie struktury plików