{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33203", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T23:23:58.312Z", "datePublished": "2026-03-20T22:32:33.219Z", "dateUpdated": "2026-03-23T16:46:04.215Z"}, "containers": {"cna": {"title": "SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "lang": "en", "description": "CWE-248: Uncaught Exception", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v"}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"version": "< 3.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T22:32:33.219Z"}, "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific \"auth keepalive\" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages that trigger a runtime panic, potentially crashing the kernel process and causing denial of service. Version 3.6.2 fixes the issue."}], "source": {"advisory": "GHSA-3g9h-9hp4-654v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:45:50.474064Z", "id": "CVE-2026-33203", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:46:04.215Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33203", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:45:50.474064Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:45:55.996Z"}}], "cna": {"title": "SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass", "source": {"advisory": "GHSA-3g9h-9hp4-654v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "siyuan-note", "product": "siyuan", "versions": [{"status": "affected", "version": "< 3.6.2"}]}], "references": [{"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v", "name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific \"auth keepalive\" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages that trigger a runtime panic, potentially crashing the kernel process and causing denial of service. Version 3.6.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T22:32:33.219Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33203", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:46:04.215Z", "dateReserved": "2026-03-17T23:23:58.312Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T22:32:33.219Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*", "matchCriteriaId": "27CB71A7-7208-417A-AE6D-266D57F683E9", "versionEndExcluding": "3.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific \"auth keepalive\" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages that trigger a runtime panic, potentially crashing the kernel process and causing denial of service. Version 3.6.2 fixes the issue."}], "id": "CVE-2026-33203", "lastModified": "2026-03-23T18:48:43.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T23:16:45.520", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}, {"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.2)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "siyuan", "source": "cna", "vendor": "siyuan-note"}, "product": "siyuan", "vendor": "siyuan"}], "analysis": {"en": {"generated_at": "2026-03-23T20:39:42.194869+00:00", "value": {"mitigation_remediation": ["Update SiYuan to version 3.6.2 or later to eliminate the unauthenticated WebSocket access and input validation flaw.", "If an upgrade is not immediately possible, restrict or block WebSocket connections that include the 'auth keepalive' query parameter using firewall or application layer controls.", "Verify that no other authentication bypasses exist on the WebSocket endpoint and confirm that proper type checking is enforced for all JSON inputs.", "Monitor system logs for panic messages or repeated crashes and implement automatic restart routines to maintain service availability."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "SiYuan, the personal knowledge management system, is affected. All versions of the SiYuan kernel WebSocket server released prior to 3.6.2 are vulnerable. The issue was addressed in version 3.6.2 by removing unauthenticated WebSocket access and validating message types.", "description_and_impact": "The vulnerability allows an unauthenticated attacker to open a WebSocket connection to the SiYuan kernel server when a specific 'auth keepalive' query parameter is supplied. Within an established connection, the server parses incoming JSON messages using unchecked type assertions. A crafted malformed message can trigger a runtime panic, causing the kernel process to crash and the service to become unavailable. The weakness is represented by CWE\u2011248 (Unchecked Return Value) and CWE\u2011306 (Missing Authentication for Critical Function). This results in a denial of service that can affect all users of the affected instance but does not provide the attacker with escalation or data exfiltration capabilities.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, while the EPSS score of less than 1% suggests a low likelihood of automated exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by establishing a WebSocket connection with the keepalive parameter, then sending crafted JSON payloads to induce a panic. The risk is particularly relevant for publicly exposed SiYuan servers that have not applied the patch, as the DoS can disrupt service availability for all users."}}}}, "created": "2026-03-23T09:52:25.203463+00:00", "updated": "2026-03-25T14:34:18.292470+00:00", "vendors": ["siyuan", "siyuan$PRODUCT$siyuan"]}