NIXPKGS-2026-0792

GitHub issue published on

Permalink CVE-2026-33669

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 week, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 1 week, 6 days ago
@LeSuisse accepted 1 week, 6 days ago
@LeSuisse published on GitHub 1 week, 6 days ago

SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue.

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-34xj-66v3-6j83 x_refsource_CONFIRM

Affected products

siyuan

==< 3.6.2

Matching in nixpkgs

pkgs.siyuan

Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync

nixos-unstable 3.6.1
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.1
nixos-25.11 3.5.4
- nixos-25.11-small 3.5.4
- nixpkgs-25.11-darwin 3.5.4

Package maintainers

@TomaSajt TomaSajt
@L-Trump Luo Chen <ltrump@163.com>

Upstream advisory: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-34xj-66v3-6j83

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0792

References

Affected products

Matching in nixpkgs

pkgs.siyuan

Package maintainers