CVE-2026-33476
Directory Traversal in SiYuan Kernel Allows Unauthenticated File Access
Publication date: 2026-03-20
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| b3log | siyuan | to 3.6.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the SiYuan personal knowledge management system prior to version 3.6.2. The Siyuan kernel exposes an unauthenticated file-serving endpoint under the path `/appearance/*filepath`. Due to improper path sanitization, attackers can exploit this endpoint to perform directory traversal attacks, allowing them to read arbitrary files accessible to the server process. This endpoint explicitly excludes authentication checks, meaning attackers do not need valid credentials to exploit this issue. The vulnerability was fixed in version 3.6.2.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to read arbitrary files on the server running the SiYuan system without authentication. This could lead to exposure of sensitive information stored on the server, including configuration files, user data, or other confidential files accessible to the server process. Since the attacker does not need valid credentials, the risk of unauthorized data disclosure is significant.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade SiYuan to version 3.6.2 or later, where the issue has been fixed.
Since the vulnerability involves an unauthenticated file-serving endpoint allowing directory traversal, avoid exposing the affected endpoint (/appearance/*filepath) to untrusted networks until the upgrade is applied.