PT-2026-28170 · Siyuan · Siyuan

Congsec · Published 2026-03-25 · Updated 2026-03-27 · CVE-2026-33669

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SiYuan versions prior to 3.6.2

Description

In the SiYuan personal knowledge management system prior to version 3.6.2, document IDs could be retrieved via the /api/file/readDir interface, and the /api/block/getChildBlocks interface could then be used to view the content of all documents. This allowed unauthorized access to potentially encrypted or prohibited documents under the publishing service. The /api/block/getChildBlocks API endpoint is used to retrieve document content and takes the id variable as input.

Recommendations

Versions prior to 3.6.2 should be updated to version 3.6.2 or later.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related identifiers

CVE-2026-33669
GHSA-34XJ-66V3-6J83
GO-2026-4842
SUSE-SU-2026:1135-1

Affected products

Siyuan