6 matches found
GO-2026-4752 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
CVE-2026-33203
CVE-2026-33203 affects SiYuan prior to 3.6.2. The SiYuan kernel WebSocket server accepts unauthenticated connections when an explicit auth keepalive parameter is present. After connection, messages are parsed with unchecked type assertions on attacker-controlled JSON, allowing a remote attacker t...
GHSA-3G9H-9HP4-654V SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...
GHSA-XP2M-98X8-RPJ6 SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure Summary SiYuan's WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep...