LeakyCreds

CVE-2026-30869 - Vulnerability Analysis

Critical | CVSS: 9.3

Last Updated: March 11, 2026

SiYuan - Path Traversal

Published: March 10, 2026 | Updated: March 11, 2026 | Remote Exploitable

Overview

SiYuan < 3.5.10 contains a path traversal vulnerability caused by double-encoded traversal sequences in the /export endpoint, letting attackers read arbitrary files, including sensitive configuration files. Exploitation requires crafted requests.

Severity & Score

Severity: Critical
CVSS Score: 9.3
EPSS Score: 43.3% (probability of exploitation in the next 30 days)

Impact

Attackers can read sensitive files, potentially gaining administrative access and enabling further remote code execution.

Mitigation

Update to version 3.5.10 or later.

Social Media Activity (1 post)

Offensive Sequence
@offseq
Mar 10, 2026

🚨 CRITICAL: CVE-2026-30869 affects SiYuan (< 3.5.10) — path traversal via /export lets attackers read sensitive files (API tokens, keys). Patch to 3.5.10+ now! No auth needed. All admins review configs. https://radar.offseq.com/threat/cve-2026-30869-cwe-22-improper-limitation-of-a-pat-98459c9d #OffSeq #CVE202630869 #infosec


Details

CVE ID: CVE-2026-30869
Severity: Critical
CVSS Score: 9.3
Type: path_traversal
Status: unconfirmed
EPSS: 43.3%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

EPSS Score

43.3% (probability of exploitation in the next 30 days)