CVE-2026-33194 is a path traversal vulnerability classified under CWE-22 affecting SiYuan, a personal knowledge management system. The root cause is an incomplete denylist in the IsSensitivePath() function within kernel/util/path.go, which is intended to prevent access to sensitive system directories. Despite recent expansions to the denylist, critical Linux directories such as /opt (application data), /usr (local binaries and configs), /home (user directories), /mnt, and /media (mounted volumes) remain accessible. The vulnerability specifically affects the globalCopyFiles and importStdMd API endpoints, which rely on IsSensitivePath() to restrict file reads to the workspace directory. Authenticated users with high privileges can exploit this flaw to read arbitrary files outside the workspace, potentially exposing sensitive system or user data. The vulnerability does not allow modification or deletion of files, nor does it affect system availability. The issue was fixed in SiYuan version 3.6.2 by enhancing the path restriction logic. No public exploits have been reported, but the vulnerability poses a significant confidentiality risk if exploited. The CVSS v3.1 score is 6.8, reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high confidentiality impact with no integrity or availability impact.

The primary impact of CVE-2026-33194 is unauthorized disclosure of sensitive information due to the ability to read arbitrary files outside the intended workspace. This can lead to exposure of system configuration files, user data, application secrets, or other sensitive information stored in directories like /opt, /usr, or /home. For organizations, this can result in data breaches, loss of confidentiality, and potential escalation paths if sensitive credentials or configurations are exposed. Since the vulnerability requires authenticated users with high privileges, the risk is somewhat mitigated by access controls, but insider threats or compromised accounts could exploit it. The vulnerability does not affect data integrity or system availability, limiting its impact to confidentiality. Organizations relying on SiYuan for knowledge management on Linux systems are at risk, especially if they have sensitive data stored in accessible directories. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially in targeted attacks.

1. Upgrade SiYuan to version 3.6.2 or later, which contains the patched IsSensitivePath() function with comprehensive directory restrictions. 2. Restrict high-privilege user access to SiYuan to trusted personnel only, minimizing the risk of insider exploitation. 3. Implement strict Linux file system permissions to limit access to sensitive directories such as /opt, /usr, /home, /mnt, and /media, reducing the impact if the vulnerability is exploited. 4. Monitor and audit access logs for the globalCopyFiles and importStdMd endpoints to detect suspicious file access attempts. 5. Consider deploying application-layer firewalls or endpoint detection solutions that can identify anomalous file read patterns. 6. Educate users about the importance of safeguarding credentials and promptly reporting suspicious activity. 7. If upgrading immediately is not feasible, apply temporary compensating controls such as disabling or restricting the vulnerable endpoints where possible.