CVE-2026-33670

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Mar 26, 2026

Vendor unknown

Description

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xmw9-6r43-x9ww