VDB
GHSA-hjh7-r5w8-5872
GHSA-hjh7-r5w8-5872
PUBLISHED
CVSS 7.099999904632568 HIGH
SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
Risk Scores
CVSS 4.0
7.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | siyuan-note/siyuan/kernel | 0 |
Timeline
- Apr 22, 2026 CVE Published
- May 6, 2026 Security Advisory
References
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872 url
- https://github.com/siyuan-note/siyuan/commit/bb481e1290c4a34255652ede85a546504505d2a7 url
- https://github.com/advisories/GHSA-2h2p-mvfx-868w advisory
- https://github.com/siyuan-note/siyuan package
- https://github.com/siyuan-note/siyuan/releases/tag/v3.6.5 url