CVE-2026-33476

HIGH

SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal

Title source: cna

Description

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath`. Because the `filepath` parameter is not properly sanitized, an attacker can supply directory-traversal sequences and read arbitrary files that are readable by the server process. The kernel's authentication checks explicitly exclude this endpoint, so exploitation requires no valid credentials. Version 3.6.2 fixes this issue.
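As an added illustration of the defect class described above (this is not SiYuan's own code, which the page does not show), the Go program below contrasts a resolver that joins the user-controlled `*filepath` parameter onto a root without any containment check, which is the CWE-22 pattern, with a hardened resolver that verifies the joined result still lies under the root and rejects backslashes. The root directory `/srv/siyuan/appearance`, the function names and the sample request paths are all assumptions constructed for the example. The check must run on the decoded path the router actually hands the handler, since `%2e%2e` is decoded before the parameter is populated.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrTraversal is returned when a requested file would resolve outside the served root.
var ErrTraversal = errors.New("requested path escapes the appearance root")

// appearanceRoot is an assumed on-disk location for the appearance directory
// (illustrative only; SiYuan's real layout is not stated on this page).
const appearanceRoot = "/srv/siyuan/appearance"

// vulnerableResolve models the flawed pattern behind CWE-22: the user-controlled
// `*filepath` parameter is joined onto the root and nothing verifies that the
// result is still under the root. Cleaning alone is not a fix, because ".."
// segments are applied before any prefix is anchored:
// path.Join("/srv/siyuan/appearance", "../../../../etc/passwd") == "/etc/passwd".
func vulnerableResolve(root, requested string) string {
	return path.Join(root, requested)
}

// safeResolve joins the same way but then refuses anything that has climbed out
// of root. Comparing against root+"/" (not just root) matters: without the slash,
// "../appearance-old/x" resolving to "/srv/siyuan/appearance-old/x" would pass a
// bare prefix test. Backslashes and NUL bytes are rejected outright, because on
// Windows the OS treats "\" as a separator that path.Clean does not understand.
func safeResolve(root, requested string) (string, error) {
	if strings.ContainsAny(requested, "\\\x00") {
		return "", ErrTraversal
	}
	root = path.Clean(root)
	full := path.Join(root, requested)
	if full != root && !strings.HasPrefix(full, root+"/") {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	// Constructed sample requests: one legitimate theme asset, three traversal attempts.
	requests := []string{
		"themes/daylight/theme.css",
		"../../../../etc/passwd",
		"../appearance-old/secret.json",
		`..\..\..\windows\win.ini`,
	}
	for _, req := range requests {
		fmt.Printf("GET /appearance/%s\n", req)
		fmt.Printf("  vulnerable -> %s\n", vulnerableResolve(appearanceRoot, req))
		if full, err := safeResolve(appearanceRoot, req); err != nil {
			fmt.Printf("  hardened   -> rejected (%v)\n", err)
		} else {
			fmt.Printf("  hardened   -> %s\n", full)
		}
	}
}
```

The example works on slash-separated URL paths via the `path` package; when the result is handed to the filesystem, convert with `filepath.FromSlash` and keep the backslash rejection in place so Windows separators cannot bypass the check.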

Scores

CVSS v3 7.5
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22 CWE-73
Status published
Products (3)
b3log/siyuan < 3.6.2
siyuan-note/siyuan 0Go
siyuan-note/siyuan < 3.6.2
Published Mar 20, 2026
Tracked Since Mar 21, 2026