Vulnerability Description
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| B3Log | Siyuan | < 3.6.2 |
Related Weaknesses (CWE)
References
- https://github.com/siyuan-note/siyuan/commit/009bb598b3beccc972aa5f1ed88b3b22432Patch
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7ExploitVendor Advisory
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7ExploitVendor Advisory
FAQ
What is CVE-2026-33476?
CVE-2026-33476 is a vulnerability with a CVSS score of 7.5 (HIGH). SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitiz...
How severe is CVE-2026-33476?
CVE-2026-33476 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33476?
Check the references section above for vendor advisories and patch information. Affected products include: B3Log Siyuan.