Home / Vulnerability Intelligence / CVE-2026-33669

CVE-2026-33669 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 26, 2026

SiYuan - Information Disclosure

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

SiYuan < 3.6.2 contains an information disclosure vulnerability caused by improper access control in /api/file/readDir and /api/block/getChildBlocks interfaces, letting attackers view document contents, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.3%(Probability of exploitation in next 30 days)

Impact

Attackers can view contents of all documents, leading to sensitive information disclosure.

Mitigation

Update to version 3.6.2 or later.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-34xj-66v3-6j83

Social Media Activity(1 post)

Offensive Sequence

@offseq

Mar 27, 2026

🚨 CVE-2026-33669: SiYuan (<3.6.2) has a CRITICAL out-of-bounds read flaw (CVSS 9.8). No auth/user interaction needed — remote attackers can leak sensitive memory. Upgrade to 3.6.2 ASAP! https://radar.offseq.com/threat/cve-2026-33669-cwe-125-out-of-bounds-read-in-siyua-064aace2 #OffSeq #Vulnerability #SiYuan #Cybersecurity

View original post

Related Resources

Details

CVE ID: CVE-2026-33669
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new
EPSS: 4.3%
Social Posts: 1

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.3%Probability of exploitation in the next 30 days