Siyuan-note - Siyuan - CRITICAL - CVE-2026-30869. A path traversal vulnerability exists in the SiYuan Personal Knowledge Management System allowing attackers to read arbitrary files from the server's filesystem through the /export endpoint. By exploiting double-encoded traversal sequences, attackers can access sensitive information such as configuration files, including conf/conf.json, which may contain crucial secrets like API tokens and workspace authentication codes. Such exposure can lead to unauthorized administrative access to the SiYuan kernel API and, under certain circumstances, could be leveraged for remote code execution.