SiYuan ≤ 3.6.1 Unauthenticated Arbitrary File Read via Path Traversal (CVE-2026-33476)
An unauthenticated path traversal vulnerability in SiYuan ≤ 3.6.1 allows attackers to read arbitrary files from the server via the /appearance/ endpoint, exposing sensitive configuration and system data.