CVE-2026-33670

SiYuan · SiYuan

SiYuan versions prior to 3.6.2 allow unauthenticated directory traversal and filename retrieval via the /api/file/readDir interface, exposing the structure of user notebooks.

Executive summary

A critical information disclosure vulnerability in SiYuan allows unauthenticated attackers to map and retrieve the names of all documents within a notebook by abusing the file directory API.

Vulnerability

The /api/file/readDir interface lacks sufficient authorization checks, allowing an unauthenticated attacker to traverse the file structure and retrieve the names of all documents. This serves as a reconnaissance vector for further data theft.

Business impact

While this specific CVE focuses on filename retrieval, it provides the necessary metadata for an attacker to target specific sensitive documents for exfiltration. The CVSS score of 9.8 reflects the high risk of data exposure and the lack of authentication required to perform the traversal.

Remediation

Immediate Action: Upgrade the SiYuan installation to version 3.6.2 or higher.

Proactive Monitoring: Review application logs for unauthorized calls to the /api/file/readDir endpoint.

Compensating Controls: Restrict access to the SiYuan API via firewall rules or host-level access control lists (ACLs) to ensure only trusted devices can interact with the service.
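One way to carry out the log review described under Proactive Monitoring, as an added example that is not part of the original advisory or SiYuan's own code. It assumes SiYuan sits behind a reverse proxy writing combined-format access logs; the trusted networks, function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

ENDPOINT = "/api/file/readDir"
# Assumption: the only networks that should ever reach the SiYuan API.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.10.0/24")]

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.168.10.5 - - [01/Jan/2026:10:00:00 +0000] "POST /api/file/readDir HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [01/Jan/2026:10:00:02 +0000] "POST /api/file/readDir HTTP/1.1" 200 2048 "-" "-"
203.0.113.7 - - [01/Jan/2026:10:00:03 +0000] "POST /api//file/readDir/ HTTP/1.1" 200 4096 "-" "-"
198.51.100.9 - - [01/Jan/2026:10:01:00 +0000] "POST /api/file/readDir?x=1 HTTP/1.1" 401 0 "-" "-"
203.0.113.7 - - [01/Jan/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 100 "-" "-"
""".splitlines()


def is_trusted(ip):
    """True only for a parseable address inside TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def normalise_path(target):
    """Drop the query string, percent-decode, collapse '//' and trailing '/'."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/")


def untrusted_readdir_calls(lines):
    """Count readDir requests per (client IP, HTTP status) from untrusted sources."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalise_path(m["target"]) == ENDPOINT and not is_trusted(m["ip"]):
            hits[(m["ip"], m["status"])] += 1
    return hits


if __name__ == "__main__":
    for (ip, status), n in untrusted_readdir_calls(SAMPLE_LOG).most_common():
        print(f"{ip} status={status} requests={n}")
```

Successful (200) responses to untrusted sources on an installation older than 3.6.2 are the entries to investigate first. An access log in this format does not record whether a request carried credentials, so source address stands in for authorization here.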

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability, combined with CVE-2026-33669, allows for the complete automated harvesting of a user's knowledge base. Immediate patching is the only effective way to secure the application against unauthenticated discovery.