3 matches found
PT-2026-52107
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An unauthenticated remote attacker can read arbitrary files within the WorkspaceDir when the system is in publish mode, which is an anonymous read-only HTTP endpoint. This is achieved by using...
CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...
CVE-2026-41894
creationtimestamp| type| source ---|---|--- 2026-04-19 09:48:52+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872 2026-06-24 23:00:38+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mp2zg2oftg2u...