3 matches found
CVE-2026-41894
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the serveExport process. An attacker can access and exfiltrate sensitive files, including databases and logs, by sending specially crafted requests with double URL encoding to bypass path validation. Details A...
PT-2026-35066
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.5 Description An authenticated attacker can perform directory traversal to read arbitrary workspace files, including the full SQLite database siyuan.db, kernel logs, and all user documents. This occurs because the...