Overview
CVE-2026-33669 is a critical unauthenticated information disclosure vulnerability in SiYuan, a popular open-source personal knowledge management (PKM) system. Prior to version 3.6.2, the application's /api/file/readDir interface exposed document IDs to unauthenticated callers. An attacker could chain this with the /api/block/getChildBlocks interface to read the complete content of all documents stored in the SiYuan instance — without any credentials.
The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), reflecting the network-accessible, zero-authentication attack vector and the complete exposure of confidentiality. The flaw is published under GitHub Security Advisory GHSA-34xj-66v3-6j83.
Technical Details
SiYuan exposes a local HTTP server to provide its web-based interface and API. The vulnerability arises from missing authentication controls on two API endpoints:
Step 1 — Document ID Enumeration via /api/file/readDir
The /api/file/readDir endpoint returns directory listings of the SiYuan data directory. When called without authentication, it reveals the internal document IDs (block IDs) used to identify individual notes and pages within the knowledge base.
Step 2 — Full Content Extraction via /api/block/getChildBlocks
With the document IDs obtained from Step 1, an attacker can call /api/block/getChildBlocks for each ID. This endpoint returns the complete structured content of each document block — including all text, links, embedded media references, and metadata — without requiring authentication.
Attack Result
The two-step chain effectively gives any network-accessible unauthenticated attacker complete read access to the entire SiYuan knowledge base. SiYuan is commonly used to store sensitive personal or professional information including notes, passwords, research, code snippets, and business documents.
The issue is classified as CWE-125 (Out-of-bounds Read); the underlying cause is improper access control on the API interface.
Affected Versions
| Software | Affected Versions | Fixed Version |
|---|---|---|
| SiYuan | All versions prior to 3.6.2 | 3.6.2 |
CVSS Score Breakdown
| Metric | Value |
|---|---|
| Base Score | 9.8 (Critical) |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CWE | CWE-125 |
Exposure Context
SiYuan instances are most commonly deployed locally on a user's machine, where the HTTP server listens on localhost. However, exposure is elevated in cases where:
- SiYuan is deployed on a server or NAS device accessible over a local network or the internet
- SiYuan is accessed remotely via port forwarding, VPN, or reverse proxy
- The local machine is on a shared network (corporate Wi-Fi, cloud VM, shared hosting)
- SiYuan is containerized and the container port is exposed beyond localhost
For server-hosted deployments, this vulnerability can result in complete knowledge base compromise from the network perimeter.
Patch & Mitigation
Primary fix: Upgrade to SiYuan version 3.6.2 or later. The GitHub release contains the fix that adds authentication enforcement to the affected API endpoints.
Interim mitigations for users unable to update immediately:
- Restrict SiYuan to localhost only — ensure the SiYuan HTTP server is not accessible beyond 127.0.0.1.
- Apply firewall rules to block external access to the SiYuan port (default: 6806).
- Avoid exposing SiYuan via reverse proxy without adding an authentication layer (e.g., HTTP basic auth, OAuth proxy).
- Audit access logs for unexpected API calls to /api/file/readDir or /api/block/getChildBlocks from non-localhost sources.
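The log audit in the last mitigation can be scripted. The following is an added example, not code from the advisory or from the SiYuan project. It assumes SiYuan sits behind a reverse proxy that writes the common/combined access-log format (SiYuan's own console output is not parsed), flags every call to the two endpoints named above that did not originate from a loopback address, and additionally reports which clients performed the readDir-then-getChildBlocks sequence the advisory describes. The log lines are constructed for illustration; the 401 response on the last line is an assumed example of a rejected call, not a documented SiYuan status code.

```python
import ipaddress
import re
from collections import Counter

# The two endpoints the advisory names as reachable without authentication before 3.6.2.
SENSITIVE_ENDPOINTS = {"/api/file/readDir", "/api/block/getChildBlocks"}

# Assumption: the reverse proxy in front of SiYuan writes the common/combined log format.
# Adapt the pattern if your proxy logs differently.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log: one legitimate loopback call, an external host running the
# readDir -> getChildBlocks chain (including a request with a query string), one
# unrelated request, and an external readDir that was rejected (status assumed).
SAMPLE_LOG = """\
127.0.0.1 - - [10/Mar/2026:10:00:01 +0000] "POST /api/file/readDir HTTP/1.1" 200 512
203.0.113.45 - - [10/Mar/2026:10:00:05 +0000] "POST /api/file/readDir HTTP/1.1" 200 4096
203.0.113.45 - - [10/Mar/2026:10:00:06 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 200 18230
203.0.113.45 - - [10/Mar/2026:10:00:07 +0000] "POST /api/block/getChildBlocks?x=1 HTTP/1.1" 200 9925
192.168.1.20 - - [10/Mar/2026:10:01:00 +0000] "GET /stage/build/app/index.html HTTP/1.1" 200 1301
198.51.100.7 - - [10/Mar/2026:10:02:00 +0000] "POST /api/file/readDir HTTP/1.1" 401 37
"""


def parse_line(line: str):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string before matching
    return rec


def is_loopback(ip: str) -> bool:
    """True for 127.0.0.0/8 and ::1; anything unparsable is treated as non-local."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def audit(log_text: str):
    """Return every request to a sensitive endpoint that did not come from loopback."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] not in SENSITIVE_ENDPOINTS:
            continue
        if is_loopback(rec["ip"]):
            continue
        findings.append(rec)
    return findings


def chain_sources(findings):
    """Client IPs that got a successful readDir and later called getChildBlocks.

    Log order is taken as time order. A rejected readDir (non-200) does not count,
    since the attacker never obtained the document IDs."""
    seen_readdir = set()
    chained = set()
    for rec in findings:
        if rec["path"] == "/api/file/readDir" and rec["status"] == "200":
            seen_readdir.add(rec["ip"])
        elif rec["path"] == "/api/block/getChildBlocks" and rec["ip"] in seen_readdir:
            chained.add(rec["ip"])
    return chained


def summarize(findings) -> Counter:
    """Count flagged requests per client IP."""
    return Counter(rec["ip"] for rec in findings)


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for rec in found:
        print(f'{rec["ip"]:15} {rec["status"]} {rec["path"]}')
    print("flagged requests per IP:", dict(summarize(found)))
    print("hosts that completed the readDir -> getChildBlocks chain:", chain_sources(found))
```

A host that appears in `chain_sources` on a pre-3.6.2 instance should be assumed to have read the knowledge base in full, which is the trigger for the document review in the Recommendations below; hosts that only appear in `summarize` with non-200 statuses show that the endpoints are being probed from outside and that network restrictions are still warranted.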
Recommendations
Users running SiYuan in any network-accessible configuration should treat this as a critical update. The unauthenticated API exposure means any attacker with network access can silently exfiltrate the entire knowledge base.
- Upgrade to SiYuan 3.6.2 immediately
- Verify the SiYuan server is not reachable from untrusted network segments
- Consider enabling SiYuan's built-in authentication if using a server deployment
- Review stored documents for sensitive information that may have been exfiltrated if the instance was exposed
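To verify that the server is not reachable beyond localhost, one concrete check is to inspect the listening sockets on the host. The following is an added example, not code from the advisory or from SiYuan: it parses the output of `ss -ltn` (the tool is real; the output below is constructed) and reports every bind address for the SiYuan port that is not a loopback address. The wildcard forms `0.0.0.0`, `::` and `*` are treated as "all interfaces", and a bind to a specific LAN address is reported as well, since that covers the NAS, VPN and container cases listed under Exposure Context.

```python
import ipaddress

SIYUAN_PORT = 6806  # default port named in the advisory

# Constructed `ss -ltn` output: the SiYuan port is bound on loopback, on all IPv6
# interfaces, and on a LAN address; SSH on 0.0.0.0:22 is unrelated and must be ignored.
SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       4096     127.0.0.1:6806        0.0.0.0:*
LISTEN  0       4096     0.0.0.0:22            0.0.0.0:*
LISTEN  0       4096     [::]:6806             [::]:*
LISTEN  0       128      192.168.1.20:6806     0.0.0.0:*
"""

# Constructed output for a correctly restricted instance.
SAMPLE_SS_LOCAL_ONLY = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       4096     127.0.0.1:6806        0.0.0.0:*
LISTEN  0       4096     0.0.0.0:22            0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_ss_listeners(text: str):
    """Return (address, port) pairs from `ss -ltn` output, skipping the header line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        addr, _, port = local.rpartition(":")  # IPv6 is bracketed, so rpartition is safe
        addr = addr.strip("[]")
        if not port.isdigit():
            continue
        listeners.append((addr, int(port)))
    return listeners


def classify_bind(addr: str) -> str:
    """'loopback', 'all-interfaces', or 'specific' for one bind address."""
    if addr in WILDCARDS:
        return "all-interfaces"
    try:
        if ipaddress.ip_address(addr).is_loopback:
            return "loopback"
    except ValueError:
        pass
    return "specific"


def siyuan_exposure(listeners, port: int = SIYUAN_PORT):
    """Summarise how the SiYuan port is bound.

    Returns {'loopback_only': bool, 'exposed': [(addr, kind), ...]} where `exposed`
    lists every non-loopback bind of the port."""
    binds = [addr for addr, p in listeners if p == port]
    exposed = [(addr, classify_bind(addr)) for addr in binds
               if classify_bind(addr) != "loopback"]
    return {"loopback_only": bool(binds) and not exposed, "exposed": exposed}


if __name__ == "__main__":
    for label, sample in (("exposed host", SAMPLE_SS), ("restricted host", SAMPLE_SS_LOCAL_ONLY)):
        result = siyuan_exposure(parse_ss_listeners(sample))
        print(label, "->", result)
```

`loopback_only` is also false when the port is not bound at all, so a false result should be read together with the `exposed` list: an empty list means SiYuan is not listening on that port, a non-empty list means it is reachable from at least one non-loopback address and the firewall or bind-address mitigations above apply.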
Also related: CVE-2026-33670 — a companion vulnerability in SiYuan's readDir interface that enables directory traversal to enumerate document filenames across all notebooks.