Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...

CVE-2026-41894

SiYuan up to version 3.6.4 is vulnerable due to a root cause in serveExport(): a redundant url.PathUnescape() combined with a prior denylist can be bypassed by double URL encoding (%252e%252e), enabling directory traversal and read access to arbitrary workspace files, including the Siyuan databas...

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

SiYuan 路径遍历漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.5 contained a path traversal vulnerability. This vulnerability arose from the fix of CVE-2026-30869, where only blacklist checks were added, and the redundant calls to the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the serveExport process. An attacker can access and exfiltrate sensitive files, including databases and logs, by sending specially crafted requests with double URL encoding to bypass path validation. Details A...