CVE-2026-33670 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal in SiYuan < 3.6.2. 📂 The `/api/file/readDir` endpoint fails to sanitize input.…

🛡️ **Root Cause**: **CWE-22** (Improper Limitation of a Pathname to a Restricted Directory). 🐛 The application does not properly validate or normalize user-supplied paths in the directory reading API.

👥 **Affected**: **SiYuan Note** (Personal Knowledge Management System). 📅 **Versions**: All versions **prior to 3.6.2**. 🏢 **Vendor**: siyuan-note.

🕵️ **Attacker Actions**: Enumerate file structures. 📄 Access sensitive document filenames. 🔓 **Impact**: High Confidentiality, Integrity, and Availability loss (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

⚡ **Threshold**: **LOW**. 🌐 **Network**: Remote (AV:N). 🔑 **Auth**: None required (PR:N). 🖱️ **UI**: None required (UI:N). 🎯 **Complexity**: Low (AC:L). Easy to exploit.

📦 **Public Exploit**: No specific PoC code provided in the data. 📝 **Reference**: GitHub Security Advisory (GHSA-xmw9-6r43-x9ww) confirms the vulnerability exists. ⚠️ Likely exploitable via simple HTTP requests.

🔍 **Self-Check**: Scan for SiYuan instances. 🧪 Test the `/api/file/readDir` endpoint with path traversal payloads (e.g., `../../`). 📋 Look for unauthorized file name enumeration in responses.

🛠️ **Fix**: Upgrade to **SiYuan version 3.6.2** or later. 📥 Check the official GitHub repository for the patch. 🔄 Ensure all instances are updated.

🚧 **Workaround**: If patching is delayed, restrict network access to the `/api/file/readDir` endpoint. 🚫 Implement WAF rules to block path traversal characters (`../`). 🔒 Limit API exposure.

🔥 **Urgency**: **HIGH**. 🚨 CVSS Score indicates Critical impact. 🏃‍♂️ Immediate patching recommended due to low exploitation barrier and high data risk. 📢 Notify users to update ASAP.