{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33194", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T22:16:36.721Z", "datePublished": "2026-03-20T22:30:33.141Z", "dateUpdated": "2026-03-25T13:45:09.722Z"}, "containers": {"cna": {"title": "SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T22:30:33.141Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/util/path.go` uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including `/opt` (application data), `/usr` (local configs/binaries), `/home` (other users), `/mnt` and `/media` (mounted volumes). The `globalCopyFiles` and `importStdMd` endpoints rely on `IsSensitivePath` as their primary defense against reading files outside the workspace. Version 3.6.2 contains an updated fix."}], "source": {"advisory": "GHSA-vm69-h85x-8p85", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T13:45:02.884596Z", "id": "CVE-2026-33194", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:45:09.722Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33194", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T22:16:36.721Z", "datePublished": "2026-03-20T22:30:33.141Z", "dateUpdated": "2026-03-25T13:45:09.722Z"}, "containers": {"cna": {"title": "SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T22:30:33.141Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/util/path.go` uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including `/opt` (application data), `/usr` (local configs/binaries), `/home` (other users), `/mnt` and `/media` (mounted volumes). The `globalCopyFiles` and `importStdMd` endpoints rely on `IsSensitivePath` as their primary defense against reading files outside the workspace. Version 3.6.2 contains an updated fix."}], "source": {"advisory": "GHSA-vm69-h85x-8p85", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33194", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T13:45:02.884596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:45:06.514Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "matchCriteriaId": "27CB71A7-7208-417A-AE6D-266D57F683E9", "versionEndExcluding": "3.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/util/path.go` uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including `/opt` (application data), `/usr` (local configs/binaries), `/home` (other users), `/mnt` and `/media` (mounted volumes). The `globalCopyFiles` and `importStdMd` endpoints rely on `IsSensitivePath` as their primary defense against reading files outside the workspace. Version 3.6.2 contains an updated fix."}], "id": "CVE-2026-33194", "lastModified": "2026-03-23T18:53:21.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T23:16:45.357", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.2)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-23T20:40:00.075610+00:00", "value": {"mitigation_remediation": ["Upgrade to version 3.6.2 or later to receive the complete denylist fix.", "If an upgrade is not immediately possible, limit or disable access to the globalCopyFiles and importStdMd endpoints to trusted users only.", "Verify that no private files reside in the disallowed directories if an older version must remain in use."], "summary": {"action": "Immediate Patch", "impact": "Potential confidentiality breach through unauthorized file reading"}, "threat_synthesis": {"affected_systems": "Siyuan, a personal knowledge management system provided by siyuan-note, is affected whenever it runs a version older than 3.6.2. Versions prior to 3.6.2 lack the complete denylist and therefore allow the exploit. The advisory specifically lists version 3.6.2 as containing the correct fix.", "description_and_impact": "The vulnerability resides in Siyuan\u2019s IsSensitivePath function, which uses a denylist to prevent file access outside the workspace. An incomplete denylist allows external calls to the globalCopyFiles and importStdMd endpoints to read arbitrary files from critical Linux directories such as /opt, /usr, /home, /mnt, and /media. This can expose sensitive configuration files, binaries, or personal data, leading to a compromise of confidentiality. The weakness is a classic path traversal issue (CWE\u201122).", "risk_and_exploitability": "The CVSS score of 6.8 classifies this as a medium severity issue, while the EPSS score of less than 1% indicates a currently low probability of exploitation. The vulnerability has not been added to the CISA KEV catalog, implying no known widespread exploitation. Attackers can leverage the exposed REST endpoints \u2013 a likely remote attack vector \u2013 to read sensitive files. Successful exploitation would only require network access to the endpoints or local execution of the affected code base."}}}}, "created": "2026-03-23T09:52:26.960367+00:00", "updated": "2026-03-25T14:34:20.276231+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}