Vulnerability Report: GO-2026-4646

  • CVE-2026-30869, GHSA-2h2p-mvfx-868w
  • Affects: github.com/siyuan-note/siyuan/kernel
  • Published: Mar 10, 2026

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/siyuan-note/siyuan/kernel before v3.5.10.

For detailed information about this vulnerability, visit https://github.com/siyuan-note/siyuan/security/advisories/GHSA-2h2p-mvfx-868w.

Affected Packages

  • Path
    Versions
    Symbols

Aliases

References

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.