LeakyCreds

CVE-2026-30869 - Vulnerability Analysis

Critical | CVSS: 9.3

Last Updated: March 11, 2026

SiYuan - Path Traversal

Published: March 10, 2026 | Updated: March 11, 2026 | Remote Exploitable

Overview

SiYuan < 3.5.10 contains a path traversal vulnerability caused by double-encoded traversal sequences in the /export endpoint, which lets attackers read arbitrary files, including sensitive configuration files. Exploitation requires crafted requests.

Severity & Score

Severity: Critical
CVSS Score: 9.3
EPSS Score: 67.7% (Probability of exploitation in next 30 days)

Impact

Attackers can read sensitive files, potentially gaining administrative access and enabling further remote code execution.

Mitigation

Update to version 3.5.10 or later.

Social Media Activity (1 post)

EUVD Bot
@EUVD_Bot
Apr 24, 2026

🚨 EUVD-2026-25626 📊 Score: 7.1/10 (CVSS v3.1) 📦 Product: SiYuan 🏢 Vendor: siyuan-note 📅 Updated: 2026-04-24 📝 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundant url.PathUnescape() call in serveExport(). An authentic... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-25626 #cybersecurity #infosec #euvd #cve #vulnerability

Details

CVE ID: CVE-2026-30869
Severity: Critical
CVSS Score: 9.3
Type: path_traversal
Status: unconfirmed
EPSS: 67.7%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

EPSS Score

67.7% (Probability of exploitation in the next 30 days)