CVE-2026-41894

Vulnerability Description

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundant url.PathUnescape() call in serveExport(). An authenticated attacker can use double URL encoding (%252e%252e) to traverse directories and read arbitrary workspace files including the full SQLite database (siyuan.db), kernel log, and all user documents. This vulnerability is fixed in 3.6.5.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-22

Source

NVD

Vendor

siyuan-note

Product

siyuan

External References

https://github.com/siyuan-note/siyuan/commit/bb481e1290c4a34255652ede85a546504505d2a7
https://github.com/siyuan-note/siyuan/releases/tag/v3.6.5
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872

CVE-2026-41894

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment