CVE-2026-30869

CRITICAL 9.3

SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable administrative access to the SiYuan kernel API, and in certain deployment scenarios could potentially be chained into remote code execution (RCE). This vulnerability is fixed in 3.5.10.

CWE	CWE-22
Vendor	siyuan-note
Product	siyuan
Published	Mar 9, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for siyuan-note siyuan

Be the first to know when new critical vulnerabilities affecting siyuan-note siyuan are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Affected Versions

siyuan-note / siyuan

< 3.5.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-2h2p-mvfx-868w