9.8

SiYuan: Unauthorized file access via path traversal in /export endpoint

GHSA-2h2p-mvfx-868w CVE-2026-30869
Summary

SiYuan's /export endpoint allows attackers to read sensitive files from the server, potentially exposing secrets that could lead to administrative access or remote code execution. Users should upgrade to version 3.5.10 or later to fix this issue. This affects all versions of SiYuan prior to 3.5.10.

What to do
  • Update github.com siyuan-note to version 3.5.10.
Affected software
Vendor       | Product      | Affected versions | Fix available
github.com   | siyuan-note  | <= 3.5.9          | 3.5.10
b3log        | siyuan       | <= 3.5.10         |
Original title
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By e...
Original description
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double-encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable administrative access to the SiYuan kernel API, and in certain deployment scenarios could potentially be chained into remote code execution (RCE). This vulnerability is fixed in 3.5.10.
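As an added defensive example (not SiYuan's own code or its actual fix), the Go check below shows how an export endpoint can close this class of bug: it percent-decodes the client-supplied path until the string is stable, so double-encoded traversal sequences are canonicalized before any containment check, then confirms the cleaned path still lies under the export root. The root directory and request strings used are constructed for illustration.

```go
package main

import (
	"errors"
	"net/url"
	"path/filepath"
	"strings"
)

var ErrTraversal = errors.New("path escapes export root")

// fullyDecode percent-decodes until stable, so "%252e%252e" becomes ".." before any path check; rounds are capped.
func fullyDecode(s string) (string, error) {
	for i := 0; i < 5; i++ {
		d, err := url.PathUnescape(s)
		if err != nil {
			return "", err
		}
		if d == s {
			return d, nil
		}
		s = d
	}
	return "", errors.New("too many percent-encoding layers")
}

// SafeExportPath resolves a client-supplied relative path against root and
// returns it only if the cleaned result still lies inside root.
// Symlinks inside root are not resolved; a full check would add filepath.EvalSymlinks.
func SafeExportPath(root, requested string) (string, error) {
	decoded, err := fullyDecode(requested)
	if err != nil {
		return "", err
	}
	// Treat backslashes as separators too, and refuse NUL bytes and absolute paths.
	decoded = strings.ReplaceAll(decoded, "\\", "/")
	if strings.ContainsRune(decoded, 0) || strings.HasPrefix(decoded, "/") {
		return "", ErrTraversal
	}
	rootAbs, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(rootAbs, filepath.FromSlash(decoded)) // Join also cleans ".." segments
	rel, err := filepath.Rel(rootAbs, candidate)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return candidate, nil
}
```

Checking containment after decoding and cleaning, rather than rejecting literal "../" substrings, is what makes the check robust against the encoding variants described above.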
GHSA CVSS 3.1: 9.3
Vulnerability type
CWE-22 Path Traversal
CWE-200 Information Exposure
CWE-285 Improper Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026