{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33670", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T16:34:59.930Z", "datePublished": "2026-03-26T21:15:56.609Z", "dateUpdated": "2026-03-30T11:43:18.022Z"}, "containers": {"cna": {"title": "SiYuan has directory traversal within its publishing service", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:15:56.609Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue."}], "source": {"advisory": "GHSA-xmw9-6r43-x9ww", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T11:43:02.345307Z", "id": "CVE-2026-33670", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:43:18.022Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33670", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T11:43:02.345307Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:43:14.103Z"}}], "cna": {"title": "SiYuan has directory traversal within its publishing service", "source": {"advisory": "GHSA-xmw9-6r43-x9ww", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"status": "affected", "version": "< 3.6.2"}]}], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww", "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:15:56.609Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33670", "state": "PUBLISHED", "dateUpdated": "2026-03-30T11:43:18.022Z", "dateReserved": "2026-03-23T16:34:59.930Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T21:15:56.609Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue."}, {"lang": "es", "value": "SiYuan es un sistema de gesti\u00f3n de conocimiento personal. Antes de la versi\u00f3n 3.6.2, la interfaz /API/file/readDir se utilizaba para recorrer y recuperar los nombres de archivo de todos los documentos bajo un cuaderno. La versi\u00f3n 3.6.2 corrige el problema."}], "id": "CVE-2026-33670", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T22:16:30.050", "references": [{"source": "[email protected]", "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.2)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-26T23:23:21.942508+00:00", "value": {"mitigation_remediation": ["Upgrade SiYuan to version 3.6.2 or newer to apply the official fix", "Restrict or secure the /api/file/readDir endpoint so it is only reachable by trusted users or networks", "Verify that all running instances are on patched versions and audit access to the publishing API", "If immediate patching is not possible, block or rate\u2011limit the publishing API until remediation is completed"], "summary": {"action": "Immediate Patch", "impact": "Information disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects the SiYuan personal knowledge management system produced by siyuan-note. Any deployment running a version earlier than 3.6.2 is vulnerable, while version 3.6.2 and later contain the fix.", "description_and_impact": "SiYuan\u2019s publishing service contains a directory traversal flaw on the /api/file/readDir endpoint. By supplying crafted path parameters, an attacker can cause the server to enumerate file names stored in any notebook, exposing the entire set of document names. The vulnerability is a classic path manipulation issue that could also allow reading of file contents if the server\u2019s file permissions permit, but the description confirms only discovery of file names.", "risk_and_exploitability": "With a CVSS score of 9.8 the vulnerability is considered highly severe, indicating a substantial risk to data confidentiality. The attack vector is remote, usable through the web API when the publishing service is exposed to external traffic. No EPSS score is available, and the vulnerability is not listed in the Known Exploited Vulnerabilities catalog, so no publicly documented exploits exist yet. Nevertheless, the high severity, remote availability, and lack of mitigations mean that a determined attacker could exploit the flaw at any time until a patch is applied."}}}}, "created": "2026-03-27T08:31:44.732098+00:00", "updated": "2026-03-27T09:23:11.452742+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}