CVE-2026-40318
HIGHDescription
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequences such as ../ into the id value to escape the intended directory and delete arbitrary .json files on the server, including global configuration files and workspace metadata. This issue has been fixed in version 3.6.4.
Is your site exposed to CVE-2026-40318?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| b3log | siyuan |
References
Frequently Asked Questions
What is CVE-2026-40318? +
How severe is CVE-2026-40318? +
What products are affected by CVE-2026-40318? +
How do I check if I'm vulnerable to CVE-2026-40318? +
Related Vulnerabilities
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs …
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, …
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in …
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller …