CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-33669

SiYuan (personal knowledge management system) had a vulnerability prior to version 3.6.2 where document IDs could be retrieved via /api/file/readDir and then /api/block/getChildBlocks could be used to view content of all documents, effectively enabling arbitrary document reading within the Publis...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the getChildBlocks API endpoint. An attacker can access the contents of any document, including encrypted or restricted files, by supplying arbitrary document IDs to the API. Remediation Upgrade...

PT-2026-28170

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description The SiYuan personal knowledge management system prior to version 3.6.2 had a flaw where document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interfac...