CRITICAL🇵🇱 Wersja polska

CVE-2026-33670

CVSS 9.8v3.1pub. 2026-03-26upd. 2026-03-30

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

🤖 AI Analysis
How it works

The /api/file/readDir API endpoint does not properly validate provided paths, allowing an attacker to construct an HTTP request containing a manipulated path (path traversal). This makes it possible to escape the allowed directory and recursively browse the notebook file structure. The vulnerability is exploited without the need for an account or session — network access to the SiYuan instance is sufficient.

Impact

An attacker can gain unauthorized access to the names and structure of all documents stored in notebooks, leading to a breach of user data confidentiality. The exposed file structure may facilitate further targeted attacks on specific documents.

Mitigation & patch

SiYuan should be updated to version 3.6.2, which contains the official patch eliminating this vulnerability. Additionally, it is recommended to restrict network access to the SiYuan instance only to trusted hosts (e.g., via firewall or binding to localhost) if the application does not need to be publicly accessible.

Who is affected

B3Log SiYuan in all versions before 3.6.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • B3log Siyuan

    APP
    B3Log
    < 3.6.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-40322CRITICAL9.0PL ✓ten sam produkt

B3Log SiYuan: XSS w diagramach Mermaid eskaluje do RCE w Electron

CVE-2026-39846CRITICAL9.0PL ✓ten sam produkt

RCE przez stored XSS w kliencie desktopowym B3Log SiYuan

CVE-2026-34449CRITICAL9.6PL ✓ten sam produkt

RCE w SiYuan poprzez nadmiernie permisywną politykę CORS

CVE-2026-34448CRITICAL9.0PL ✓ten sam produkt

Stored XSS → RCE w B3Log SiYuan via złośliwy URL w Attribute View

CVE-2026-33669CRITICAL9.8PL ✓ten sam produkt

B3Log SiYuan — nieuprawniony odczyt treści dokumentów przez API