{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T00:21:25.840","vulnerabilities":[{"cve":{"id":"CVE-2026-33203","sourceIdentifier":"security-advisories@github.com","published":"2026-03-20T23:16:45.520","lastModified":"2026-03-23T18:48:43.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific \"auth keepalive\" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages that trigger a runtime panic, potentially crashing the kernel process and causing denial of service. Version 3.6.2 fixes the issue."},{"lang":"es","value":"SiYuan es un sistema de gestión de conocimiento personal. Antes de la versión 3.6.2, el servidor WebSocket del kernel de SiYuan acepta conexiones no autenticadas cuando un parámetro de consulta específico 'auth keepalive' está presente. Después de la conexión, los mensajes entrantes se analizan utilizando aserciones de tipo no verificadas en JSON controlado por el atacante. Un atacante remoto puede enviar mensajes malformados que desencadenan un pánico en tiempo de ejecución, lo que podría bloquear el proceso del kernel y causar una denegación de servicio. La versión 3.6.2 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.2","matchCriteriaId":"27CB71A7-7208-417A-AE6D-266D57F683E9"}]}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}