Which versions of SiYuan are affected by CVE-2026-41894?

CVE-2026-41894 is a directory traversal vulnerability in SiYuan personal knowledge management system that permits authenticated users to bypass access controls and read arbitrary workspace files,…. A patch is available.

SiYuan CVE-2026-41894

Q: What is the CVSS score of CVE-2026-41894?

CVE-2026-41894 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25626 HIGH

Path Traversal (CWE-22)

2026-04-24 GitHub_M

GHSA-hjh7-r5w8-5872

Path Traversal

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 27, 2026 - 18:53 nvd

Patch available

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

Patch available

Apr 24, 2026 - 21:02 EUVD

Analysis Generated

Apr 24, 2026 - 19:46 vuln.today

CVSS changed

Apr 24, 2026 - 19:22 NVD

7.1 (HIGH)

EUVD ID Assigned

Apr 24, 2026 - 19:15 euvd

EUVD-2026-25626

Analysis Generated

Apr 24, 2026 - 19:15 vuln.today

CVE Published

Apr 24, 2026 - 18:56 nvd

HIGH 7.1

DescriptionNVD

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause - a redundant url.PathUnescape() call in serveExport(). An authenticated attacker can use double URL encoding (%252e%252e) to traverse directories and read arbitrary workspace files including the full SQLite database (siyuan.db), kernel log, and all user documents. This vulnerability is fixed in 3.6.5.

AnalysisAI

Directory traversal in SiYuan personal knowledge management system allows authenticated attackers to read arbitrary workspace files via double URL encoding bypass. The vulnerability stems from an incomplete fix for CVE-2026-30869 that added only denylist validation without removing a redundant url.PathUnescape() call in serveExport(). …

RemediationAI

Within 24 hours: Identify all SiYuan deployments and current version numbers in your environment; restrict network access to SiYuan instances to authorized users only and review recent access logs for suspicious file requests. Within 7 days: Contact SiYuan vendor for patch timeline and interim mitigation guidance; implement application-level request logging to detect directory traversal attempts using patterns like %252e%252e. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41894 vulnerability details – vuln.today

Back

SiYuan CVE-2026-41894

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

SiYuan CVE-2026-41894

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code