CVE-2026-33670 SiYuan has directory traversal within its publishing service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 had a path traversal vulnerability. This vulnerability stemmed from the/api/file/readDir interface, which allowed for path traversal, potentially leading to the retrieval of...

SiYuan 缓冲区错误漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained a buffer error vulnerability. This vulnerability stemmed from the use of the/api/file/readDir interface to retrieve document IDs, which could lead to information...

SiYuan has directory traversal within its publishing service

Details The /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. PoC python !/usr/bin/env python3 """POC: SiYuan /api/file/readDir 未鉴权目录遍历""" import requests, json, sys def poctarget: base = target.rstrip"/" url = f"base/api/file/readDir"...